Red Hat Security Advisory 2023-1437-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openssl security update  
Advisory ID:       RHSA-2023:1437-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1437  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-0286  
====================================================================  
1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and  
Transport Layer Security (TLS) protocols, as well as a full-strength  
general-purpose cryptography library.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library  
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
openssl-1.1.1c-6.el8_1.src.rpm

aarch64:  
openssl-1.1.1c-6.el8_1.aarch64.rpm  
openssl-debuginfo-1.1.1c-6.el8_1.aarch64.rpm  
openssl-debugsource-1.1.1c-6.el8_1.aarch64.rpm  
openssl-devel-1.1.1c-6.el8_1.aarch64.rpm  
openssl-libs-1.1.1c-6.el8_1.aarch64.rpm  
openssl-libs-debuginfo-1.1.1c-6.el8_1.aarch64.rpm  
openssl-perl-1.1.1c-6.el8_1.aarch64.rpm

ppc64le:  
openssl-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-debuginfo-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-debugsource-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-devel-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-libs-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-perl-1.1.1c-6.el8_1.ppc64le.rpm

s390x:  
openssl-1.1.1c-6.el8_1.s390x.rpm  
openssl-debuginfo-1.1.1c-6.el8_1.s390x.rpm  
openssl-debugsource-1.1.1c-6.el8_1.s390x.rpm  
openssl-devel-1.1.1c-6.el8_1.s390x.rpm  
openssl-libs-1.1.1c-6.el8_1.s390x.rpm  
openssl-libs-debuginfo-1.1.1c-6.el8_1.s390x.rpm  
openssl-perl-1.1.1c-6.el8_1.s390x.rpm

x86_64:  
openssl-1.1.1c-6.el8_1.x86_64.rpm  
openssl-debuginfo-1.1.1c-6.el8_1.i686.rpm  
openssl-debuginfo-1.1.1c-6.el8_1.x86_64.rpm  
openssl-debugsource-1.1.1c-6.el8_1.i686.rpm  
openssl-debugsource-1.1.1c-6.el8_1.x86_64.rpm  
openssl-devel-1.1.1c-6.el8_1.i686.rpm  
openssl-devel-1.1.1c-6.el8_1.x86_64.rpm  
openssl-libs-1.1.1c-6.el8_1.i686.rpm  
openssl-libs-1.1.1c-6.el8_1.x86_64.rpm  
openssl-libs-debuginfo-1.1.1c-6.el8_1.i686.rpm  
openssl-libs-debuginfo-1.1.1c-6.el8_1.x86_64.rpm  
openssl-perl-1.1.1c-6.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7dzjgjWX9erEAQj2fBAAonoENVQK1z0o1faaI5kJcpcjudplrNTx  
CWn5Q1bA7ZOU+8F4kocdGWUHfF7IIFHmcV/bfkz0pyOEx14pHdi4gbfp7DHMg+vh  
TnJBtCqCJVGWmoDu4qUzm81w96lSgRTFweoMdk8DZL8GBfPF7ZW4q46A8oBCxkXC  
jQ1gAhHZEfeDKCSsQ+JJvtjSZdAKCf3iDimy6FMFHDLg9hqXns+UXZ+7mJD3UpLP  
gqfzM8a1+YonxtC1piovlY7KaWV7EpgufVCzILjwXiLeKivfUo4SGDdw+fsv5rzr  
ex1qOKg9mucu3nq5eoZaOomtrvhFW9P8igS1aZVWNcdhv/nbYBkhUZ04U9wwnOru  
t5936OJzyl5gQxKTA3RCX45z4qs6TUE07DB4LYSrmXj1yQXZcwahJIB5/N63ttbn  
pqt04m9xLybFsn2+8TCOiBwfZUkrKsoepjBVrqcC05yfL41fsoZao7ZwLSiptByZ  
UO5Xy4wUQjOIRCqUkquE2GidOhVdIvQhrjOj2tsaW3vHSXsYLICBxru5fOTKsNdz  
fKdIDy0S62gU2QQeSWBukCIZTnWw7sfxWZJ1p4M//JgbA5njA59iBTv+zNSQ93pr  
I/GPiwNZInjgIWFPaUkrvn0O5VejKPb+i6Mz5ACd8GJPWOFxjxDCbnarqAlaMi7D  
s7TQu68jDN4ÏEA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1437-01

Red Hat Security Advisory 2023-1439-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openssl security update  
Advisory ID:       RHSA-2023:1439-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1439  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-0286  
====================================================================  
1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and  
Transport Layer Security (TLS) protocols, as well as a full-strength  
general-purpose cryptography library.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library  
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName

6. Package List:

Red Hat Enterprise Linux BaseOS AUS (v. 8.2):

Source:  
openssl-1.1.1c-21.el8_2.src.rpm

aarch64:  
openssl-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.aarch64.rpm  
openssl-devel-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-perl-1.1.1c-21.el8_2.aarch64.rpm

ppc64le:  
openssl-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debugsource-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-devel-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-perl-1.1.1c-21.el8_2.ppc64le.rpm

s390x:  
openssl-1.1.1c-21.el8_2.s390x.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-debugsource-1.1.1c-21.el8_2.s390x.rpm  
openssl-devel-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-perl-1.1.1c-21.el8_2.s390x.rpm

x86_64:  
openssl-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.i686.rpm  
openssl-debugsource-1.1.1c-21.el8_2.x86_64.rpm  
openssl-devel-1.1.1c-21.el8_2.i686.rpm  
openssl-devel-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-perl-1.1.1c-21.el8_2.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.2):

Source:  
openssl-1.1.1c-21.el8_2.src.rpm

aarch64:  
openssl-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.aarch64.rpm  
openssl-devel-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-perl-1.1.1c-21.el8_2.aarch64.rpm

ppc64le:  
openssl-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debugsource-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-devel-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-perl-1.1.1c-21.el8_2.ppc64le.rpm

s390x:  
openssl-1.1.1c-21.el8_2.s390x.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-debugsource-1.1.1c-21.el8_2.s390x.rpm  
openssl-devel-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-perl-1.1.1c-21.el8_2.s390x.rpm

x86_64:  
openssl-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.i686.rpm  
openssl-debugsource-1.1.1c-21.el8_2.x86_64.rpm  
openssl-devel-1.1.1c-21.el8_2.i686.rpm  
openssl-devel-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-perl-1.1.1c-21.el8_2.x86_64.rpm

Red Hat Enterprise Linux BaseOS TUS (v. 8.2):

Source:  
openssl-1.1.1c-21.el8_2.src.rpm

aarch64:  
openssl-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.aarch64.rpm  
openssl-devel-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-perl-1.1.1c-21.el8_2.aarch64.rpm

ppc64le:  
openssl-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debugsource-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-devel-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-perl-1.1.1c-21.el8_2.ppc64le.rpm

s390x:  
openssl-1.1.1c-21.el8_2.s390x.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-debugsource-1.1.1c-21.el8_2.s390x.rpm  
openssl-devel-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-perl-1.1.1c-21.el8_2.s390x.rpm

x86_64:  
openssl-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.i686.rpm  
openssl-debugsource-1.1.1c-21.el8_2.x86_64.rpm  
openssl-devel-1.1.1c-21.el8_2.i686.rpm  
openssl-devel-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-perl-1.1.1c-21.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7NzjgjWX9erEAQh6gw//WJqLt9YyobqWOBG/NpiC73QzLQWHbVIh  
QPwDMXRYgHGUynZzutvtJsO2wAuWlplIdvKkHQRqYBFLJBVjZMz1PzgFm5EWZiY9  
4VNXNiP95rAU/IyhBqJKiHMtIfqmQPhO9DD/BKafUjc54umAowSBmZyHL5LnCtka  
XApVLo035R1mwUNWQsc0pOULWRDNKoYjZE7QR9ioUkQKSNC9zBgUXnS08uPh7BHD  
HjxsugjqH/3HNaLzF+56oKmFsZpbw9ZSnOfoM8pqBl1+A7twToR/8VvEKfvfhbid  
v+PaAH7SQcavJq7ot9p9dpNvfd161QXtK9tQXmbNC/WLSY3pYy4ju7GdDfedeS45  
63tDSkN1TVTiZnYJ4DcvEovWKfERLfw0ejdn0vQwAEHYEVlqFGsGMDFsHw3QTMGN  
hF8ynU/OB+pXOe2/V0PTvXix1c9NemE3jejQH/+I54TJTv0MWtSpq9jVTwGiqEFl  
oNoO4TQqPWHhOhfPYy7Kwom200ND6PKsiHdfSNlpB7SWbWXsvscY6Bn9JN8E9rff  
ubQcuoFR/9i8t9hoj2mPr/vcAqc5l/g75KwhHZD870gwuf7BgzOWQdmGlmA8KKRx  
9qmiwEZxPbQ0GL4hFX3H5LKntkt8w6DlhCXQzlM7cWZHI7M5jj7mxjlYJ4EDRC5C  
NZEzG8SUmpA=Knf2  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1439-01

Red Hat Security Advisory 2023-1441-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openssl security update  
Advisory ID:       RHSA-2023:1441-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1441  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-0286  
====================================================================  
1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and  
Transport Layer Security (TLS) protocols, as well as a full-strength  
general-purpose cryptography library.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library  
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
openssl-1.1.1k-8.el8_6.src.rpm

aarch64:  
openssl-1.1.1k-8.el8_6.aarch64.rpm  
openssl-debuginfo-1.1.1k-8.el8_6.aarch64.rpm  
openssl-debugsource-1.1.1k-8.el8_6.aarch64.rpm  
openssl-devel-1.1.1k-8.el8_6.aarch64.rpm  
openssl-libs-1.1.1k-8.el8_6.aarch64.rpm  
openssl-libs-debuginfo-1.1.1k-8.el8_6.aarch64.rpm  
openssl-perl-1.1.1k-8.el8_6.aarch64.rpm

ppc64le:  
openssl-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-debuginfo-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-debugsource-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-devel-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-libs-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-perl-1.1.1k-8.el8_6.ppc64le.rpm

s390x:  
openssl-1.1.1k-8.el8_6.s390x.rpm  
openssl-debuginfo-1.1.1k-8.el8_6.s390x.rpm  
openssl-debugsource-1.1.1k-8.el8_6.s390x.rpm  
openssl-devel-1.1.1k-8.el8_6.s390x.rpm  
openssl-libs-1.1.1k-8.el8_6.s390x.rpm  
openssl-libs-debuginfo-1.1.1k-8.el8_6.s390x.rpm  
openssl-perl-1.1.1k-8.el8_6.s390x.rpm

x86_64:  
openssl-1.1.1k-8.el8_6.x86_64.rpm  
openssl-debuginfo-1.1.1k-8.el8_6.i686.rpm  
openssl-debuginfo-1.1.1k-8.el8_6.x86_64.rpm  
openssl-debugsource-1.1.1k-8.el8_6.i686.rpm  
openssl-debugsource-1.1.1k-8.el8_6.x86_64.rpm  
openssl-devel-1.1.1k-8.el8_6.i686.rpm  
openssl-devel-1.1.1k-8.el8_6.x86_64.rpm  
openssl-libs-1.1.1k-8.el8_6.i686.rpm  
openssl-libs-1.1.1k-8.el8_6.x86_64.rpm  
openssl-libs-debuginfo-1.1.1k-8.el8_6.i686.rpm  
openssl-libs-debuginfo-1.1.1k-8.el8_6.x86_64.rpm  
openssl-perl-1.1.1k-8.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7NzjgjWX9erEAQjEGRAAk+B4NZVXOw/6ESexdRQa3UoAJBzJ6KaY  
IUjQ45hsLjQQd6bYj79D4V6onHaCUZwxD5KPzAL8rz29gfUJbN5dAef4F1Zq+k3Y  
5dutPiVFLZ5C5wuX2cPgKp6GOsShlwWR/D3pjO67L+oeQEoYJ1K9nhqc5Pg/2dbJ  
5mPejApHZ5iw6V3XQq8s9hHmkRB+dF7jKzRFjttBk3Enec5Y93krT90L0oKkarcd  
Q6oNqtcQBnMK2994D9LdKri9uYBZ+PTpgchfGxsIaceeJwGaslNxyNAbsk5bywHC  
3F7ajsM/VkbpEPYqonjX4Ww+SjR4qnfBAhSJDn88GP29I0htmNlsk8zRpwbKpdxn  
J2CbdgHASLoKMa6+o3tpkSQgwgTjoL4Z9yQvCTW1O6Q+21lKEfwCIqoh70BzINy3  
fN13qgUocmC2H7DT/cM1yxG849qUt0QCN0Y6UmIZytzdfTPib5ZR0PK7z8NEPih8  
cFr2uIGKa2UvisJ8wtSQ3KiIWjy+cU7zbPJAh6QDch82wLPrBTy7koyB+9qbZ408  
Whff+suKBHWxNXLwjnS2N6U7uodZry0cCTlusoi8VrLLkg64LY4++VQZfofUmjqz  
WSFFcRGdZNbCi9XFWCJWZ+suiNiuRyKhzM7y8GlAyCdHb1uzk7g4fKIiUkd0tthT  
FS5/PuRmzNI=pQbM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1441-01

Red Hat Security Advisory 2023-1438-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openssl security update  
Advisory ID:       RHSA-2023:1438-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1438  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-0286  
====================================================================  
1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6  
Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6 ELS) - i386, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 6 ELS) - i386, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and  
Transport Layer Security (TLS) protocols, as well as a full-strength  
general-purpose cryptography library.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library  
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName

6. Package List:

Red Hat Enterprise Linux Server (v. 6 ELS):

Source:  
openssl-1.0.1e-61.el6_10.src.rpm

i386:  
openssl-1.0.1e-61.el6_10.i686.rpm  
openssl-debuginfo-1.0.1e-61.el6_10.i686.rpm  
openssl-devel-1.0.1e-61.el6_10.i686.rpm

s390x:  
openssl-1.0.1e-61.el6_10.s390.rpm  
openssl-1.0.1e-61.el6_10.s390x.rpm  
openssl-debuginfo-1.0.1e-61.el6_10.s390.rpm  
openssl-debuginfo-1.0.1e-61.el6_10.s390x.rpm  
openssl-devel-1.0.1e-61.el6_10.s390.rpm  
openssl-devel-1.0.1e-61.el6_10.s390x.rpm

x86_64:  
openssl-1.0.1e-61.el6_10.i686.rpm  
openssl-1.0.1e-61.el6_10.x86_64.rpm  
openssl-debuginfo-1.0.1e-61.el6_10.i686.rpm  
openssl-debuginfo-1.0.1e-61.el6_10.x86_64.rpm  
openssl-devel-1.0.1e-61.el6_10.i686.rpm  
openssl-devel-1.0.1e-61.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6 ELS):

i386:  
openssl-debuginfo-1.0.1e-61.el6_10.i686.rpm  
openssl-perl-1.0.1e-61.el6_10.i686.rpm  
openssl-static-1.0.1e-61.el6_10.i686.rpm

s390x:  
openssl-debuginfo-1.0.1e-61.el6_10.s390x.rpm  
openssl-perl-1.0.1e-61.el6_10.s390x.rpm  
openssl-static-1.0.1e-61.el6_10.s390x.rpm

x86_64:  
openssl-debuginfo-1.0.1e-61.el6_10.x86_64.rpm  
openssl-perl-1.0.1e-61.el6_10.x86_64.rpm  
openssl-static-1.0.1e-61.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7NzjgjWX9erEAQjEng/9H4eD9JfHPrMo7I2nNn5BmFSsAkVKGJmH  
S+UwS28apMed5VKlk+kZuBlJh3q6FhE2TlEU+bQ2FjJCFi77UWzlI4upEvjbq//1  
p+U+3/mW1safS9tGkWzQ412ZyEJFwmiO5LwBdzTg8MFwt1DnE3Dqhx+DD5DY19hN  
+v8tOPVDKG7WthUB0bnzI38GKAo6xCNwHXAH/22SRgBMbxMp6PY9NoiXpNt8YON3  
YFIW16qvTpjfWtKvalhmg97icKyxEh/hOXThHgaLT8m39NfiMrb0uNYMOsPuYos8  
/uXuQXSlGCfKSAf6wz1KMa94fg9p1GXuW2dLM+hgjENcIKGFiB6Wqp6LrrIezT1j  
0v4XRtcTp6Qhq2YR+053EI1VBZa7Uj0icWiN8o0efgOezX7LdyucRMa7jWkPac72  
ewpf59CSsUuvuh8+DJhZAr1bnK1LDiP9WwAmL6KC7pe+/hGGHuPNxmA3bB2pNRXu  
k9CAuxTtpEGqM8NpvvtnixNJ/vhvJ1r7jQErwVDLSBNlYEtEDxPk7TsDxdhlA2Tf  
o6aZi4yMFDdJSrktR96t+xthkgjkHicMn3wt+XSFzXAWNf0+nBR6Jm8PxD19eApB  
DDI0U0Alkd1mG9EehN/gDegTorACR+lJccdgc0O+j37rtMNuxGT9LpiwWJj5xn7i  
dKBbvGOB2ok=W1uu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1438-01

Red Hat Security Advisory 2023-1442-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.9.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:1442-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1442  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-25751 CVE-2023-25752 CVE-2023-28162  
                   CVE-2023-28164 CVE-2023-28176  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.9.0.

Security Fix(es):

* Mozilla: Incorrect code generation during JIT compilation  
(CVE-2023-25751)

* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9  
(CVE-2023-28176)

* Mozilla: Potential out-of-bounds when accessing throttled streams  
(CVE-2023-25752)

* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)

* Mozilla: URL being dragged from a removed cross-origin iframe into the  
same tab triggered navigation (CVE-2023-28164)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2178458 - CVE-2023-25751 Mozilla: Incorrect code generation during JIT compilation  
2178460 - CVE-2023-25752 Mozilla: Potential out-of-bounds when accessing throttled streams  
2178466 - CVE-2023-28162 Mozilla: Invalid downcast in Worklets  
2178470 - CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation  
2178472 - CVE-2023-28176 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.9.0-2.el8_1.src.rpm

ppc64le:  
thunderbird-102.9.0-2.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.9.0-2.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.9.0-2.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.9.0-2.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.9.0-2.el8_1.x86_64.rpm  
thunderbird-debugsource-102.9.0-2.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25751  
https://access.redhat.com/security/cve/CVE-2023-25752  
https://access.redhat.com/security/cve/CVE-2023-28162  
https://access.redhat.com/security/cve/CVE-2023-28164  
https://access.redhat.com/security/cve/CVE-2023-28176  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7dzjgjWX9erEAQiDhQ//WZN53iMM+vQklg2sgeqWFU4w9622Ndy2  
UiCyKDvrDPVaT09ZKpjvjVFVMitQ/D4M4P7HVvyduqA2rs/DMoAF5OcDHKJKzJpn  
AlOy4ti6dsnozKSmuzAl9UbZqiuvevnoangePNvnClxEvDX8svAxTrARIJ0AkC1F  
OmBpycj2C7B3MzSLcw1WtiL5rDkV06Za2oGB2h5Bj5u6Nw+frx6qZ2EBR6Lwhbfh  
qgZ78hj0bd/kaPLwZOmWaYfjA0Fl6xPdnWwlYQsefDmHJeyatO8fEuNTaNNFnBuf  
nZSnuCNRY0D+WUXChA2sRvc4+tJkeoBIL7XVBYocSOZDChpHBBk5uYTAavE9npYh  
t3T/ji28j0EN4F6SjUKA/BrCb4YMngDozHbhflbUNReKc/TN3O9BtD1Owy0gw3/N  
YRW93nrDaZ/FuaKm4o3rzJDXYaiYWWcm8aaQALqZq3jnTYaq7Mov9ARNEkOYSXKX  
ZnkkDJNIkUWsdxispXx/qacTR6jxePEeX3fC5/nYIuKr19mbxJpbErU4+3WrXwpt  
pmB/Vl2sybnvqr0wdM4LSTbfsnVfRn/+rqBUJC2n8wRPeTp2HzXF3Sv5cV+Fw8Oy  
0pFAHaOdU7eC1yMluHdw9a51wJH6U3G8L5SJp7uHPH9fSRpHocS+ncbQ1+eGMvRD  
WlWFLUh+aHo=5PlR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1442-01

Red Hat Security Advisory 2023-1443-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.9.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:1443-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1443  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-25751 CVE-2023-25752 CVE-2023-28162  
                   CVE-2023-28164 CVE-2023-28176  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.9.0.

Security Fix(es):

* Mozilla: Incorrect code generation during JIT compilation  
(CVE-2023-25751)

* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9  
(CVE-2023-28176)

* Mozilla: Potential out-of-bounds when accessing throttled streams  
(CVE-2023-25752)

* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)

* Mozilla: URL being dragged from a removed cross-origin iframe into the  
same tab triggered navigation (CVE-2023-28164)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2178458 - CVE-2023-25751 Mozilla: Incorrect code generation during JIT compilation  
2178460 - CVE-2023-25752 Mozilla: Potential out-of-bounds when accessing throttled streams  
2178466 - CVE-2023-28162 Mozilla: Invalid downcast in Worklets  
2178470 - CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation  
2178472 - CVE-2023-28176 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
thunderbird-102.9.0-2.el8_2.src.rpm

aarch64:  
thunderbird-102.9.0-2.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.9.0-2.el8_2.aarch64.rpm  
thunderbird-debugsource-102.9.0-2.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.9.0-2.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.9.0-2.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.9.0-2.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.9.0-2.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.9.0-2.el8_2.x86_64.rpm  
thunderbird-debugsource-102.9.0-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
thunderbird-102.9.0-2.el8_2.src.rpm

aarch64:  
thunderbird-102.9.0-2.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.9.0-2.el8_2.aarch64.rpm  
thunderbird-debugsource-102.9.0-2.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.9.0-2.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.9.0-2.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.9.0-2.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.9.0-2.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.9.0-2.el8_2.x86_64.rpm  
thunderbird-debugsource-102.9.0-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
thunderbird-102.9.0-2.el8_2.src.rpm

aarch64:  
thunderbird-102.9.0-2.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.9.0-2.el8_2.aarch64.rpm  
thunderbird-debugsource-102.9.0-2.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.9.0-2.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.9.0-2.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.9.0-2.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.9.0-2.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.9.0-2.el8_2.x86_64.rpm  
thunderbird-debugsource-102.9.0-2.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25751  
https://access.redhat.com/security/cve/CVE-2023-25752  
https://access.redhat.com/security/cve/CVE-2023-28162  
https://access.redhat.com/security/cve/CVE-2023-28164  
https://access.redhat.com/security/cve/CVE-2023-28176  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7dzjgjWX9erEAQi/sg/+NLD4hWXVuxCNvUPRPIcFOvAxbUVPuy8+  
oCypHbape84h8IspAQQc3xy2phNnJCeZ+03kI4YuIn9sDsh17T3diDCQKq/Ltwwn  
pfKfCffM00QlNIv2yLgGz4m/lU08oF27VsQcV4hdTlNv1Hx4cp+h3xee2KBEzY4W  
pywMVZhGgKlaigIzyb6J/MhSDKBp6OLE4glgNkec4dRDjLtWK2BWxSNAOi07/ppX  
LxIrEvQlIjG0mh/6sOakXuuaXdVkpoScHPsGEhQxd8Ri1xrHPcO+udKuWahQzpkp  
Say6MDprb25u/hdNA387kkH4d6aaVS2iMZP6L2U0Z0c4dDDuBeC65fMeuPlRxMjJ  
/+hsCsUvJfFYUXm4ILrzoB9OyYwsvnGMeXd7dCJvcgN84m8bfJLx45hKiduIkmcd  
pSztKh6W2OippMaJaDdJTnvy5Pg5KysL+1J9mA5VEjaGfLGnFXghHbxrFTsfLqTJ  
X2avB3RxFX04Gp3cyTQlDP4hsEIUM+57zOQtIJqtJyVqbcGiVPSgUfOtaJZdjvvc  
IW5WHXkWzquFYSDTRB7CCAVPY5ZRCXvJ4W1ziRZPWmEYMYYSAZA8IIqFXoe2wUMD  
4eiXjCy4Y9ZuCnYoEnOSr0Yhv8ApB/tGvLoL2cHxvA6bimi0laZzYyrnGhGcxxnA  
Iuuhp2w3Qb0=I1JY  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1443-01

Red Hat Security Advisory 2023-1406-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: nss security update  
Advisory ID:       RHSA-2023:1406-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1406  
Issue date:        2023-03-22  
CVE Names:         CVE-2023-0767  
====================================================================  
1. Summary:

An update for nss is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support  
the cross-platform development of security-enabled client and server  
applications.

Security Fix(es):

* nss: Arbitrary memory write via PKCS 12 (CVE-2023-0767)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS (for example, Firefox)  
must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2170377 - CVE-2023-0767 nss: Arbitrary memory write via PKCS 12

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
nss-3.53.1-13.el8_2.src.rpm

aarch64:  
nss-3.53.1-13.el8_2.aarch64.rpm  
nss-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-debugsource-3.53.1-13.el8_2.aarch64.rpm  
nss-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-sysinit-3.53.1-13.el8_2.aarch64.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-tools-3.53.1-13.el8_2.aarch64.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-util-3.53.1-13.el8_2.aarch64.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-util-devel-3.53.1-13.el8_2.aarch64.rpm

ppc64le:  
nss-3.53.1-13.el8_2.ppc64le.rpm  
nss-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-debugsource-3.53.1-13.el8_2.ppc64le.rpm  
nss-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-sysinit-3.53.1-13.el8_2.ppc64le.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-tools-3.53.1-13.el8_2.ppc64le.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-devel-3.53.1-13.el8_2.ppc64le.rpm

s390x:  
nss-3.53.1-13.el8_2.s390x.rpm  
nss-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-debugsource-3.53.1-13.el8_2.s390x.rpm  
nss-devel-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-devel-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.s390x.rpm  
nss-sysinit-3.53.1-13.el8_2.s390x.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-tools-3.53.1-13.el8_2.s390x.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-util-3.53.1-13.el8_2.s390x.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-util-devel-3.53.1-13.el8_2.s390x.rpm

x86_64:  
nss-3.53.1-13.el8_2.i686.rpm  
nss-3.53.1-13.el8_2.x86_64.rpm  
nss-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-debugsource-3.53.1-13.el8_2.i686.rpm  
nss-debugsource-3.53.1-13.el8_2.x86_64.rpm  
nss-devel-3.53.1-13.el8_2.i686.rpm  
nss-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-3.53.1-13.el8_2.i686.rpm  
nss-softokn-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-devel-3.53.1-13.el8_2.i686.rpm  
nss-softokn-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-sysinit-3.53.1-13.el8_2.x86_64.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-tools-3.53.1-13.el8_2.x86_64.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-util-3.53.1-13.el8_2.i686.rpm  
nss-util-3.53.1-13.el8_2.x86_64.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-util-devel-3.53.1-13.el8_2.i686.rpm  
nss-util-devel-3.53.1-13.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
nss-3.53.1-13.el8_2.src.rpm

aarch64:  
nss-3.53.1-13.el8_2.aarch64.rpm  
nss-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-debugsource-3.53.1-13.el8_2.aarch64.rpm  
nss-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-sysinit-3.53.1-13.el8_2.aarch64.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-tools-3.53.1-13.el8_2.aarch64.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-util-3.53.1-13.el8_2.aarch64.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-util-devel-3.53.1-13.el8_2.aarch64.rpm

ppc64le:  
nss-3.53.1-13.el8_2.ppc64le.rpm  
nss-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-debugsource-3.53.1-13.el8_2.ppc64le.rpm  
nss-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-sysinit-3.53.1-13.el8_2.ppc64le.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-tools-3.53.1-13.el8_2.ppc64le.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-devel-3.53.1-13.el8_2.ppc64le.rpm

s390x:  
nss-3.53.1-13.el8_2.s390x.rpm  
nss-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-debugsource-3.53.1-13.el8_2.s390x.rpm  
nss-devel-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-devel-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.s390x.rpm  
nss-sysinit-3.53.1-13.el8_2.s390x.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-tools-3.53.1-13.el8_2.s390x.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-util-3.53.1-13.el8_2.s390x.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-util-devel-3.53.1-13.el8_2.s390x.rpm

x86_64:  
nss-3.53.1-13.el8_2.i686.rpm  
nss-3.53.1-13.el8_2.x86_64.rpm  
nss-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-debugsource-3.53.1-13.el8_2.i686.rpm  
nss-debugsource-3.53.1-13.el8_2.x86_64.rpm  
nss-devel-3.53.1-13.el8_2.i686.rpm  
nss-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-3.53.1-13.el8_2.i686.rpm  
nss-softokn-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-devel-3.53.1-13.el8_2.i686.rpm  
nss-softokn-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-sysinit-3.53.1-13.el8_2.x86_64.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-tools-3.53.1-13.el8_2.x86_64.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-util-3.53.1-13.el8_2.i686.rpm  
nss-util-3.53.1-13.el8_2.x86_64.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-util-devel-3.53.1-13.el8_2.i686.rpm  
nss-util-devel-3.53.1-13.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
nss-3.53.1-13.el8_2.src.rpm

aarch64:  
nss-3.53.1-13.el8_2.aarch64.rpm  
nss-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-debugsource-3.53.1-13.el8_2.aarch64.rpm  
nss-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-sysinit-3.53.1-13.el8_2.aarch64.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-tools-3.53.1-13.el8_2.aarch64.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-util-3.53.1-13.el8_2.aarch64.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-util-devel-3.53.1-13.el8_2.aarch64.rpm

ppc64le:  
nss-3.53.1-13.el8_2.ppc64le.rpm  
nss-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-debugsource-3.53.1-13.el8_2.ppc64le.rpm  
nss-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-sysinit-3.53.1-13.el8_2.ppc64le.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-tools-3.53.1-13.el8_2.ppc64le.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-devel-3.53.1-13.el8_2.ppc64le.rpm

s390x:  
nss-3.53.1-13.el8_2.s390x.rpm  
nss-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-debugsource-3.53.1-13.el8_2.s390x.rpm  
nss-devel-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-devel-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.s390x.rpm  
nss-sysinit-3.53.1-13.el8_2.s390x.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-tools-3.53.1-13.el8_2.s390x.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-util-3.53.1-13.el8_2.s390x.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-util-devel-3.53.1-13.el8_2.s390x.rpm

x86_64:  
nss-3.53.1-13.el8_2.i686.rpm  
nss-3.53.1-13.el8_2.x86_64.rpm  
nss-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-debugsource-3.53.1-13.el8_2.i686.rpm  
nss-debugsource-3.53.1-13.el8_2.x86_64.rpm  
nss-devel-3.53.1-13.el8_2.i686.rpm  
nss-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-3.53.1-13.el8_2.i686.rpm  
nss-softokn-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-devel-3.53.1-13.el8_2.i686.rpm  
nss-softokn-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-sysinit-3.53.1-13.el8_2.x86_64.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-tools-3.53.1-13.el8_2.x86_64.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-util-3.53.1-13.el8_2.i686.rpm  
nss-util-3.53.1-13.el8_2.x86_64.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-util-devel-3.53.1-13.el8_2.i686.rpm  
nss-util-devel-3.53.1-13.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0767  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxe+dzjgjWX9erEAQgVwA/+IBlJG0b42blekqQi5m59kTCOI8Dx9QgV  
4ZBgPpOtwfMi2jmwG754CT9TqX3AL54vWPI7AravL4uPRPl4iYKDtYxQkCfT8kS9  
9UONxRafYT41m85WWmVz6lNwB+CepaxLoGa5kkmoS3i5/k5vMiTKS64k2u1dwP7a  
IByruQA1AnB1y64SF12dRNyZtZdLNXR1KbEjky+ZyhIrsoaUF7O22jGyOE96KodS  
76Fefaq1AYHA0heg3nvZeSpT2md9lJVveinFQ2NQoot6GPPyfFhFFyvocrZeqoko  
6f0idf4QJrigftvPIv8B/rNkZVQM9ILNL3jVFrRx8Q+BcJ0WZdioqFoivt4/Y/W3  
lqwIa69X0JKQfajsp/NpCOawwavYxFJgL2jnLQBZ09J6jBhgkjoTZx051Tad02m6  
8Pe7HVP+0NXCPGUtSaR5kPdeGzS6VjwBRHpa1WX8xISbYfe9G/SyB8c/E1lSjITP  
dwwGs+foTED+xRZV16bWlHgcL2GTzFaoSYL4bi8l0pn0pDNVBzK6m+C9U9uh1ENz  
BaG6v6K6KpJ/zWXFolNczEyAi1NgcxOD16yK3Hl6IjkQAQBqH5bTOIpLUtvyfmk5  
3VZokf1RVzByjYenvmsUlqciJPC6dOFoozy3UUFCRiXKuVeWrtx48dx5enVpYmxH  
whMZIzQsfKE=UL8Q  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1406-01

Red Hat Security Advisory 2023-1404-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.9.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:1404-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1404  
Issue date:        2023-03-22  
CVE Names:         CVE-2023-25751 CVE-2023-25752 CVE-2023-28162  
                   CVE-2023-28164 CVE-2023-28176  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.9.0.

Security Fix(es):

* Mozilla: Incorrect code generation during JIT compilation  
(CVE-2023-25751)

* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9  
(CVE-2023-28176)

* Mozilla: Potential out-of-bounds when accessing throttled streams  
(CVE-2023-25752)

* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)

* Mozilla: URL being dragged from a removed cross-origin iframe into the  
same tab triggered navigation (CVE-2023-28164)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2178458 - CVE-2023-25751 Mozilla: Incorrect code generation during JIT compilation  
2178460 - CVE-2023-25752 Mozilla: Potential out-of-bounds when accessing throttled streams  
2178466 - CVE-2023-28162 Mozilla: Invalid downcast in Worklets  
2178470 - CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation  
2178472 - CVE-2023-28176 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
thunderbird-102.9.0-1.el8_6.src.rpm

aarch64:  
thunderbird-102.9.0-1.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.9.0-1.el8_6.aarch64.rpm  
thunderbird-debugsource-102.9.0-1.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.9.0-1.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.9.0-1.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.9.0-1.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.9.0-1.el8_6.s390x.rpm  
thunderbird-debuginfo-102.9.0-1.el8_6.s390x.rpm  
thunderbird-debugsource-102.9.0-1.el8_6.s390x.rpm

x86_64:  
thunderbird-102.9.0-1.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.9.0-1.el8_6.x86_64.rpm  
thunderbird-debugsource-102.9.0-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25751  
https://access.redhat.com/security/cve/CVE-2023-25752  
https://access.redhat.com/security/cve/CVE-2023-28162  
https://access.redhat.com/security/cve/CVE-2023-28164  
https://access.redhat.com/security/cve/CVE-2023-28176  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxe+dzjgjWX9erEAQhH0hAAn+dGyNfI2xVp0qr66rpGD5I7c9lLoa1p  
DmiUGUw1obkvqD7pvlqvLXcMAyYviDDoy048aZ1I7tsZwmrf8FDy+zuBakqo/XCA  
lS371eKgDlAbLfz24sFJdDITAo+mUFYzU6WE3iRmjZ+0L/o6fuhMeaBEL1nM4+ry  
3Q0QkzgJi/2fLzXMg6BG6kIBwKe1v8hMMH1YVrBduyYUQNGIGUvbektfvbVPCgIq  
q+9Lj/SIkeUyW0VjciEmwOXNmqtZGSi79/VUUEBCWbQDMKNWrsMpo5O/kjgyv6Qq  
aZveKztob1sbhw1q7p5waGmKwkv2DU8qymmnfBolutJupVlLcs2GaX4h6r5B4vzl  
e7uQHGgRWFmyfOa7i5jeSc6w855bz+mTtd4OBKM7HllVlHBxF5m7gsfjgbaiGfgO  
Lw1u5dcvS4sUhIEjoQ4BhOHzXZQ8eo7h0NC9HEWABax2kZmJjzTdGIevDpKr35CM  
dx4/HgUNyc9G5qL7Z5H04zPdus5yB9LJxhvz9jASMEMBFAuxXfiqMGk8Hgy2MRWO  
+tXo6QET/NzwSgj7VosCogb8a7S//KoH3hHaM6x5Ff9VxZiEpy9TDw98RK/A0GD3  
yvZT7ckqTMp6xR2ArXkMDxcIuGX45T0xYLlO5S3xcrx0b6NBzy619UX261P3RCJ9  
9ywwF2mhR8A=Zc5g  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1404-01

A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected.

CVE-2023-1252: [PATCH 5.15 138/917] ovl: fix use after free in struct ovl_aio_req

A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.

From: Eric Dumazet <edumazet@google.com>
To: "David S . Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>
Cc: netdev@vger.kernel.org, Cong Wang <xiyou.wangcong@gmail.com>,
	eric.dumazet@gmail.com, Eric Dumazet <edumazet@google.com>,
	syzbot <syzkaller@googlegroups.com>,
	Dmitry Vyukov <dvyukov@google.com>
Subject: \[PATCH net\] net: sched: fix race condition in qdisc\_graft()
Date: Tue, 18 Oct 2022 20:32:58 +0000	\[thread overview\]
Message-ID: <20221018203258.2793282-1-edumazet@google.com> (raw)

We had one syzbot report \[1\] in syzbot queue for a while.
I was waiting for more occurrences and/or a repro but
Dmitry Vyukov spotted the issue right away.

<quoting Dmitry>
qdisc\_graft() drops reference to qdisc in notify\_and\_destroy
while it's still assigned to dev->qdisc
</quoting>

Indeed, RCU rules are clear when replacing a data structure.
The visible pointer (dev->qdisc in this case) must be updated
to the new object \_before\_ RCU grace period is started
(qdisc\_put(old) in this case).

\[1\]
BUG: KASAN: use-after-free in \_\_tcf\_qdisc\_find.part.0+0xa3a/0xac0 net/sched/cls\_api.c:1066
Read of size 4 at addr ffff88802065e038 by task syz-executor.4/21027

CPU: 0 PID: 21027 Comm: syz-executor.4 Not tainted 6.0.0-rc3-syzkaller-00363-g7726d4c3e60b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call Trace:
<TASK>
\_\_dump\_stack lib/dump\_stack.c:88 \[inline\]
dump\_stack\_lvl+0xcd/0x134 lib/dump\_stack.c:106
print\_address\_description mm/kasan/report.c:317 \[inline\]
print\_report.cold+0x2ba/0x719 mm/kasan/report.c:433
kasan\_report+0xb1/0x1e0 mm/kasan/report.c:495
\_\_tcf\_qdisc\_find.part.0+0xa3a/0xac0 net/sched/cls\_api.c:1066
\_\_tcf\_qdisc\_find net/sched/cls\_api.c:1051 \[inline\]
tc\_new\_tfilter+0x34f/0x2200 net/sched/cls\_api.c:2018
rtnetlink\_rcv\_msg+0x955/0xca0 net/core/rtnetlink.c:6081
netlink\_rcv\_skb+0x153/0x420 net/netlink/af\_netlink.c:2501
netlink\_unicast\_kernel net/netlink/af\_netlink.c:1319 \[inline\]
netlink\_unicast+0x543/0x7f0 net/netlink/af\_netlink.c:1345
netlink\_sendmsg+0x917/0xe10 net/netlink/af\_netlink.c:1921
sock\_sendmsg\_nosec net/socket.c:714 \[inline\]
sock\_sendmsg+0xcf/0x120 net/socket.c:734
\_\_\_\_sys\_sendmsg+0x6eb/0x810 net/socket.c:2482
\_\_\_sys\_sendmsg+0x110/0x1b0 net/socket.c:2536
\_\_sys\_sendmsg+0xf3/0x1c0 net/socket.c:2565
do\_syscall\_x64 arch/x86/entry/common.c:50 \[inline\]
do\_syscall\_64+0x35/0xb0 arch/x86/entry/common.c:80
entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd
RIP: 0033:0x7f5efaa89279
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5efbc31168 EFLAGS: 00000246 ORIG\_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f5efab9bf80 RCX: 00007f5efaa89279
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005
RBP: 00007f5efaae32e9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5efb0cfb1f R14: 00007f5efbc31300 R15: 0000000000022000
</TASK>

Allocated by task 21027:
kasan\_save\_stack+0x1e/0x40 mm/kasan/common.c:38
kasan\_set\_track mm/kasan/common.c:45 \[inline\]
set\_alloc\_info mm/kasan/common.c:437 \[inline\]
\_\_\_\_kasan\_kmalloc mm/kasan/common.c:516 \[inline\]
\_\_\_\_kasan\_kmalloc mm/kasan/common.c:475 \[inline\]
\_\_kasan\_kmalloc+0xa9/0xd0 mm/kasan/common.c:525
kmalloc\_node include/linux/slab.h:623 \[inline\]
kzalloc\_node include/linux/slab.h:744 \[inline\]
qdisc\_alloc+0xb0/0xc50 net/sched/sch\_generic.c:938
qdisc\_create\_dflt+0x71/0x4a0 net/sched/sch\_generic.c:997
attach\_one\_default\_qdisc net/sched/sch\_generic.c:1152 \[inline\]
netdev\_for\_each\_tx\_queue include/linux/netdevice.h:2437 \[inline\]
attach\_default\_qdiscs net/sched/sch\_generic.c:1170 \[inline\]
dev\_activate+0x760/0xcd0 net/sched/sch\_generic.c:1229
\_\_dev\_open+0x393/0x4d0 net/core/dev.c:1441
\_\_dev\_change\_flags+0x583/0x750 net/core/dev.c:8556
rtnl\_configure\_link+0xee/0x240 net/core/rtnetlink.c:3189
rtnl\_newlink\_create net/core/rtnetlink.c:3371 \[inline\]
\_\_rtnl\_newlink+0x10b8/0x17e0 net/core/rtnetlink.c:3580
rtnl\_newlink+0x64/0xa0 net/core/rtnetlink.c:3593
rtnetlink\_rcv\_msg+0x43a/0xca0 net/core/rtnetlink.c:6090
netlink\_rcv\_skb+0x153/0x420 net/netlink/af\_netlink.c:2501
netlink\_unicast\_kernel net/netlink/af\_netlink.c:1319 \[inline\]
netlink\_unicast+0x543/0x7f0 net/netlink/af\_netlink.c:1345
netlink\_sendmsg+0x917/0xe10 net/netlink/af\_netlink.c:1921
sock\_sendmsg\_nosec net/socket.c:714 \[inline\]
sock\_sendmsg+0xcf/0x120 net/socket.c:734
\_\_\_\_sys\_sendmsg+0x6eb/0x810 net/socket.c:2482
\_\_\_sys\_sendmsg+0x110/0x1b0 net/socket.c:2536
\_\_sys\_sendmsg+0xf3/0x1c0 net/socket.c:2565
do\_syscall\_x64 arch/x86/entry/common.c:50 \[inline\]
do\_syscall\_64+0x35/0xb0 arch/x86/entry/common.c:80
entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd

Freed by task 21020:
kasan\_save\_stack+0x1e/0x40 mm/kasan/common.c:38
kasan\_set\_track+0x21/0x30 mm/kasan/common.c:45
kasan\_set\_free\_info+0x20/0x30 mm/kasan/generic.c:370
\_\_\_\_kasan\_slab\_free mm/kasan/common.c:367 \[inline\]
\_\_\_\_kasan\_slab\_free+0x166/0x1c0 mm/kasan/common.c:329
kasan\_slab\_free include/linux/kasan.h:200 \[inline\]
slab\_free\_hook mm/slub.c:1754 \[inline\]
slab\_free\_freelist\_hook+0x8b/0x1c0 mm/slub.c:1780
slab\_free mm/slub.c:3534 \[inline\]
kfree+0xe2/0x580 mm/slub.c:4562
rcu\_do\_batch kernel/rcu/tree.c:2245 \[inline\]
rcu\_core+0x7b5/0x1890 kernel/rcu/tree.c:2505
\_\_do\_softirq+0x1d3/0x9c6 kernel/softirq.c:571

Last potentially related work creation:
kasan\_save\_stack+0x1e/0x40 mm/kasan/common.c:38
\_\_kasan\_record\_aux\_stack+0xbe/0xd0 mm/kasan/generic.c:348
call\_rcu+0x99/0x790 kernel/rcu/tree.c:2793
qdisc\_put+0xcd/0xe0 net/sched/sch\_generic.c:1083
notify\_and\_destroy net/sched/sch\_api.c:1012 \[inline\]
qdisc\_graft+0xeb1/0x1270 net/sched/sch\_api.c:1084
tc\_modify\_qdisc+0xbb7/0x1a00 net/sched/sch\_api.c:1671
rtnetlink\_rcv\_msg+0x43a/0xca0 net/core/rtnetlink.c:6090
netlink\_rcv\_skb+0x153/0x420 net/netlink/af\_netlink.c:2501
netlink\_unicast\_kernel net/netlink/af\_netlink.c:1319 \[inline\]
netlink\_unicast+0x543/0x7f0 net/netlink/af\_netlink.c:1345
netlink\_sendmsg+0x917/0xe10 net/netlink/af\_netlink.c:1921
sock\_sendmsg\_nosec net/socket.c:714 \[inline\]
sock\_sendmsg+0xcf/0x120 net/socket.c:734
\_\_\_\_sys\_sendmsg+0x6eb/0x810 net/socket.c:2482
\_\_\_sys\_sendmsg+0x110/0x1b0 net/socket.c:2536
\_\_sys\_sendmsg+0xf3/0x1c0 net/socket.c:2565
do\_syscall\_x64 arch/x86/entry/common.c:50 \[inline\]
do\_syscall\_64+0x35/0xb0 arch/x86/entry/common.c:80
entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd

Second to last potentially related work creation:
kasan\_save\_stack+0x1e/0x40 mm/kasan/common.c:38
\_\_kasan\_record\_aux\_stack+0xbe/0xd0 mm/kasan/generic.c:348
kvfree\_call\_rcu+0x74/0x940 kernel/rcu/tree.c:3322
neigh\_destroy+0x431/0x630 net/core/neighbour.c:912
neigh\_release include/net/neighbour.h:454 \[inline\]
neigh\_cleanup\_and\_release+0x1f8/0x330 net/core/neighbour.c:103
neigh\_del net/core/neighbour.c:225 \[inline\]
neigh\_remove\_one+0x37d/0x460 net/core/neighbour.c:246
neigh\_forced\_gc net/core/neighbour.c:276 \[inline\]
neigh\_alloc net/core/neighbour.c:447 \[inline\]
\_\_\_neigh\_create+0x18b5/0x29a0 net/core/neighbour.c:642
ip6\_finish\_output2+0xfb8/0x1520 net/ipv6/ip6\_output.c:125
\_\_ip6\_finish\_output net/ipv6/ip6\_output.c:195 \[inline\]
ip6\_finish\_output+0x690/0x1160 net/ipv6/ip6\_output.c:206
NF\_HOOK\_COND include/linux/netfilter.h:296 \[inline\]
ip6\_output+0x1ed/0x540 net/ipv6/ip6\_output.c:227
dst\_output include/net/dst.h:451 \[inline\]
NF\_HOOK include/linux/netfilter.h:307 \[inline\]
NF\_HOOK include/linux/netfilter.h:301 \[inline\]
mld\_sendpack+0xa09/0xe70 net/ipv6/mcast.c:1820
mld\_send\_cr net/ipv6/mcast.c:2121 \[inline\]
mld\_ifc\_work+0x71c/0xdc0 net/ipv6/mcast.c:2653
process\_one\_work+0x991/0x1610 kernel/workqueue.c:2289
worker\_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e4/0x3a0 kernel/kthread.c:376
ret\_from\_fork+0x1f/0x30 arch/x86/entry/entry\_64.S:306

The buggy address belongs to the object at ffff88802065e000
which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 56 bytes inside of
1024-byte region \[ffff88802065e000, ffff88802065e400)

The buggy address belongs to the physical page:
page:ffffea0000819600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20658
head:ffffea0000819600 order:3 compound\_mapcount:0 compound\_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888011841dc0
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page\_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp\_mask 0xd20c0(\_\_GFP\_IO|\_\_GFP\_FS|\_\_GFP\_NOWARN|\_\_GFP\_NORETRY|\_\_GFP\_COMP|\_\_GFP\_NOMEMALLOC), pid 3523, tgid 3523 (sshd), ts 41495190986, free\_ts 41417713212
prep\_new\_page mm/page\_alloc.c:2532 \[inline\]
get\_page\_from\_freelist+0x109b/0x2ce0 mm/page\_alloc.c:4283
\_\_alloc\_pages+0x1c7/0x510 mm/page\_alloc.c:5515
alloc\_pages+0x1a6/0x270 mm/mempolicy.c:2270
alloc\_slab\_page mm/slub.c:1824 \[inline\]
allocate\_slab+0x27e/0x3d0 mm/slub.c:1969
new\_slab mm/slub.c:2029 \[inline\]
\_\_\_slab\_alloc+0x7f1/0xe10 mm/slub.c:3031
\_\_slab\_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3118
slab\_alloc\_node mm/slub.c:3209 \[inline\]
\_\_kmalloc\_node\_track\_caller+0x2f2/0x380 mm/slub.c:4955
kmalloc\_reserve net/core/skbuff.c:358 \[inline\]
\_\_alloc\_skb+0xd9/0x2f0 net/core/skbuff.c:430
alloc\_skb\_fclone include/linux/skbuff.h:1307 \[inline\]
tcp\_stream\_alloc\_skb+0x38/0x580 net/ipv4/tcp.c:861
tcp\_sendmsg\_locked+0xc36/0x2f80 net/ipv4/tcp.c:1325
tcp\_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1483
inet\_sendmsg+0x99/0xe0 net/ipv4/af\_inet.c:819
sock\_sendmsg\_nosec net/socket.c:714 \[inline\]
sock\_sendmsg+0xcf/0x120 net/socket.c:734
sock\_write\_iter+0x291/0x3d0 net/socket.c:1108
call\_write\_iter include/linux/fs.h:2187 \[inline\]
new\_sync\_write fs/read\_write.c:491 \[inline\]
vfs\_write+0x9e9/0xdd0 fs/read\_write.c:578
ksys\_write+0x1e8/0x250 fs/read\_write.c:631
page last free stack trace:
reset\_page\_owner include/linux/page\_owner.h:24 \[inline\]
free\_pages\_prepare mm/page\_alloc.c:1449 \[inline\]
free\_pcp\_prepare+0x5e4/0xd20 mm/page\_alloc.c:1499
free\_unref\_page\_prepare mm/page\_alloc.c:3380 \[inline\]
free\_unref\_page+0x19/0x4d0 mm/page\_alloc.c:3476
\_\_unfreeze\_partials+0x17c/0x1a0 mm/slub.c:2548
qlink\_free mm/kasan/quarantine.c:168 \[inline\]
qlist\_free\_all+0x6a/0x170 mm/kasan/quarantine.c:187
kasan\_quarantine\_reduce+0x180/0x200 mm/kasan/quarantine.c:294
\_\_kasan\_slab\_alloc+0xa2/0xc0 mm/kasan/common.c:447
kasan\_slab\_alloc include/linux/kasan.h:224 \[inline\]
slab\_post\_alloc\_hook mm/slab.h:727 \[inline\]
slab\_alloc\_node mm/slub.c:3243 \[inline\]
slab\_alloc mm/slub.c:3251 \[inline\]
\_\_kmem\_cache\_alloc\_lru mm/slub.c:3258 \[inline\]
kmem\_cache\_alloc+0x267/0x3b0 mm/slub.c:3268
kmem\_cache\_zalloc include/linux/slab.h:723 \[inline\]
alloc\_buffer\_head+0x20/0x140 fs/buffer.c:2974
alloc\_page\_buffers+0x280/0x790 fs/buffer.c:829
create\_empty\_buffers+0x2c/0xee0 fs/buffer.c:1558
ext4\_block\_write\_begin+0x1004/0x1530 fs/ext4/inode.c:1074
ext4\_da\_write\_begin+0x422/0xae0 fs/ext4/inode.c:2996
generic\_perform\_write+0x246/0x560 mm/filemap.c:3738
ext4\_buffered\_write\_iter+0x15b/0x460 fs/ext4/file.c:270
ext4\_file\_write\_iter+0x44a/0x1660 fs/ext4/file.c:679
call\_write\_iter include/linux/fs.h:2187 \[inline\]
new\_sync\_write fs/read\_write.c:491 \[inline\]
vfs\_write+0x9e9/0xdd0 fs/read\_write.c:578

Fixes: af356afa010f ("net\_sched: reintroduce dev->qdisc for use by sch\_api")
Reported-by: syzbot <syzkaller@googlegroups.com>
Diagnosed-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
---
 net/sched/sch\_api.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/sched/sch\_api.c b/net/sched/sch\_api.c
index c98af0ada706efee202a20a6bfb6f2b984106f45..4a27dfb1ba0faab3692a82969fb8b78768742779 100644
--- a/net/sched/sch\_api.c
+++ b/net/sched/sch\_api.c
@@ -1099,12 +1099,13 @@ static int qdisc\_graft(struct net\_device \*dev, struct Qdisc \*parent,
 
 skip:
 		if (!ingress) {
\-			notify\_and\_destroy(net, skb, n, classid,
-					   rtnl\_dereference(dev->qdisc), new);
+			old = rtnl\_dereference(dev->qdisc);
 			if (new && !new->ops->attach)
 				qdisc\_refcount\_inc(new);
 			rcu\_assign\_pointer(dev->qdisc, new ? : &noop\_qdisc);
 
+			notify\_and\_destroy(net, skb, n, classid, old, new);
+
 			if (new && new->ops->attach)
 				new->ops->attach(new);
 		} else {
-- 
2.38.0.135.g90850a2211-goog

next             reply	other threads:\[~2022-10-18 20:33 UTC|newest\]

**Thread overview:** 16+ messages / expand\[flat|nested\]  mbox.gz  Atom feed  top
**2022-10-18 20:32 Eric Dumazet \[this message\]**
2022-10-20  0:50 \` \[PATCH net\] net: sched: fix race condition in qdisc\_graft() patchwork-bot+netdevbpf
2022-11-03 13:34 \` Gal Pressman
2022-11-03 15:17   \` Eric Dumazet
2022-11-03 15:27     \` Jakub Kicinski
2022-11-03 15:29       \` Eric Dumazet
2022-11-03 16:30         \` Maxim Mikityanskiy
2022-11-03 16:33           \` Eric Dumazet
2022-11-06  8:07             \` Gal Pressman
2022-11-10  9:08               \` Gal Pressman
2022-11-20  7:42                 \` Gal Pressman
2022-11-20 16:09                   \` Eric Dumazet
2022-11-20 16:43                     \` Gal Pressman
2022-11-20 17:00                       \` Eric Dumazet
2022-11-20 21:39                         \` Максим
2022-11-21  8:08                           \` Gal Pressman

**Reply instructions:**

You may reply publicly to this message via plain-text email
using any one of the following methods:

\* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting\_style#Interleaved\_style

\* Reply using the **\--to**, **\--cc**, and **\--in-reply-to**
  switches of git-send-email(1):

  git send-email \\
    --in-reply-to=20221018203258.2793282-1-edumazet@google.com \\
    --to=edumazet@google.com \\
    --cc=davem@davemloft.net \\
    --cc=dvyukov@google.com \\
    --cc=eric.dumazet@gmail.com \\
    --cc=kuba@kernel.org \\
    --cc=netdev@vger.kernel.org \\
    --cc=pabeni@redhat.com \\
    --cc=syzkaller@googlegroups.com \\
    --cc=xiyou.wangcong@gmail.com \\
    /path/to/YOUR\_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

\* If your mail client supports setting the **In-Reply-To** header
  via mailto: links, try the mailto: link

Be sure your reply has a **Subject:** header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.

Tag

#linux