Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file.

**Project Address**

https://github.com/jkriege2/TinyTIFF

**Security Issue Report**

A global-buffer-overflow issue was discovered in TinyTIFF in tinytiffreader.c file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.

**OS information**

    ubuntu@ubuntu:~/Documents/TinyTIFF/src$ uname -a
    Linux ubuntu 5.15.0-58-generic #64~20.04.1-Ubuntu SMP Fri Jan 6 16:42:31 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
    

**Summary**

AddressSanitizer: global-buffer-overflow (/home/ubuntu/Desktop/TinyTIFF/src/asan\_tinytiffreader+0x4969c6) in \_\_asan\_memcpy

**Problem Code location**

        #0 0x4969c6 in __asan_memcpy (/home/ubuntu/Desktop/TinyTIFF/src/asan_tinytiffreader+0x4969c6)
        #1 0x4cdff4 in TinyTIFFReader_readNextFrame /home/ubuntu/Desktop/TinyTIFF/src/tinytiffreader.c
        #2 0x4cb3e9 in TinyTIFFReader_open /home/ubuntu/Desktop/TinyTIFF/src/tinytiffreader.c:921:9
        #3 0x4d10ea in main /home/ubuntu/Desktop/TinyTIFF/src/tinytiffreader.c:1058:10
        #4 0x7ffff7c4a082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
        #5 0x41c3bd in _start (/home/ubuntu/Desktop/TinyTIFF/src/asan_tinytiffreader+0x41c3bd)
    

Poc file: id8

asan\_tinytiffreader

**compile the test case in the source**

cd TinyTIFF/
cmake .
make -j4
cd src/

modified the tinytiffreader.c file, add harness

int main(int argc, char \*argv\[\]){
       TinyTIFFReaderFile\* tiffr=NULL;
   tiffr=TinyTIFFReader\_open(argv\[1\]); 
   if (!tiffr) { 
	   printf("ERROR reading (not existent, not accessible or no TIFF file)\\n");
   } else { 
        const uint32\_t width=TinyTIFFReader\_getWidth(tiffr); 
        const uint32\_t height=TinyTIFFReader\_getHeight(tiffr);
        const uint16\_t bitspersample=TinyTIFFReader\_getBitsPerSample(tiffr, 0);		
        uint8\_t\* image=(uint8\_t\*)calloc(width\*height, bitspersample/8);  
        TinyTIFFReader\_getSampleData(tiffr, image, 0); 

	printf("%ld\\n",width);
        printf("%ld\\n",height);
        printf("%u\\n",bitspersample);

							///////////////////////////////////////////////////////////////////
							// HERE WE CAN DO SOMETHING WITH THE SAMPLE FROM THE IMAGE 
							// IN image (ROW-MAJOR!)
							// Note: That you may have to typecast the array image to the
							// datatype used in the TIFF-file. You can get the size of each
							// sample in bits by calling TinyTIFFReader\_getBitsPerSample() and
							// the datatype by calling TinyTIFFReader\_getSampleFormat().
							///////////////////////////////////////////////////////////////////
                
        free(image); 
    } 
    TinyTIFFReader\_close(tiffr); 

}

then,complie the tinytiffreader.c

gcc -o tinytiffreader tinytiffreader.c

test with poc

this program will trigger global-buffer-overflow crash. The asan complie program is asan\_tinytiffreader.

**ASAN Report:**

ubuntu@ubuntu:~/Desktop/TinyTIFF/src$ ./asan\_tinytiffreader out/default/crashes/id\\:000008\\,sig\\:11\\,src\\:000016+000007\\,time\\:306221\\,execs\\:34950\\,op\\:splice\\,rep\\:16 
=================================================================
==3817392==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000004e82c3 at pc 0x0000004969c7 bp 0x7fffffffd890 sp 0x7fffffffd058
READ of size 2082441480 at 0x0000004e82c3 thread T0
    #0 0x4969c6 in \_\_asan\_memcpy (/home/ubuntu/Desktop/TinyTIFF/src/asan\_tinytiffreader+0x4969c6)
    #1 0x4cdff4 in TinyTIFFReader\_readNextFrame /home/ubuntu/Desktop/TinyTIFF/src/tinytiffreader.c
    #2 0x4cb3e9 in TinyTIFFReader\_open /home/ubuntu/Desktop/TinyTIFF/src/tinytiffreader.c:921:9
    #3 0x4d10ea in main /home/ubuntu/Desktop/TinyTIFF/src/tinytiffreader.c:1058:10
    #4 0x7ffff7c4a082 in \_\_libc\_start\_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #5 0x41c3bd in \_start (/home/ubuntu/Desktop/TinyTIFF/src/asan\_tinytiffreader+0x41c3bd)

0x0000004e82c3 is located 61 bytes to the left of global variable '<string literal>' defined in 'tinytiffreader.c:653:13' (0x4e8300) of size 62
0x0000004e82c3 is located 0 bytes to the right of global variable '<string literal>' defined in 'tinytiffreader.c:214:32' (0x4e82c0) of size 3
  '<string literal>' is ascii string 'rb'
SUMMARY: AddressSanitizer: global-buffer-overflow (/home/ubuntu/Desktop/TinyTIFF/src/asan\_tinytiffreader+0x4969c6) in \_\_asan\_memcpy
Shadow bytes around the buggy address:
  0x000080095000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080095010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080095020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080095030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080095040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=\>0x000080095050: 00 00 00 00 00 00 00 00\[03\]f9 f9 f9 f9 f9 f9 f9
  0x000080095060: 00 00 00 00 00 00 00 06 f9 f9 f9 f9 00 00 00 00
  0x000080095070: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 07
  0x000080095080: f9 f9 f9 f9 00 00 00 00 00 00 00 03 f9 f9 f9 f9
  0x000080095090: 00 00 00 00 00 03 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0000800950a0: 00 00 00 02 f9 f9 f9 f9 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==3817392==ABORTING

**use gdb debug this crah**

ubuntu@ubuntu:~/Documents/TinyTIFF/src$ gdb --args ./tinytiffreader id8
GNU gdb (Ubuntu 9.2-0ubuntu1~20.04.1) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html\>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86\_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/\>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/\>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./tinytiffreader...
(No debugging symbols found in ./tinytiffreader)
gdb-peda$ r id8
Starting program: /home/ubuntu/Documents/TinyTIFF/src/tinytiffreader id8

Program received signal SIGSEGV, Segmentation fault.
\[----------------------------------registers-----------------------------------\]
RAX: 0x7ffdfdd09010 --\> 0x0 
RBX: 0x55555555b2a0 --\> 0x55555555b720 --\> 0xfbad2488 
RCX: 0x0 
RDX: 0x1fa0b8878 
RSI: 0x0 
RDI: 0x7ffdfdd09010 --\> 0x0 
RBP: 0x7fffffffdcd0 --\> 0x7fffffffdda0 --\> 0x7fffffffdef0 --\> 0x7fffffffdf30 --\> 0x0 
RSP: 0x7fffffffdca8 --\> 0x555555555663 (<TinyTIFFReader\_memcpy\_s+51>:	mov    eax,0x0)
RIP: 0x7ffff7f4d8f5 (<\_\_memmove\_avx\_unaligned\_erms+533>:	vmovdqu ymm4,YMMWORD PTR \[rsi\])
R8 : 0x7ffdfdd09010 --\> 0x0 
R9 : 0x0 
R10: 0x22 ('"')
R11: 0x246 
R12: 0x555555555240 (<\_start\>:	endbr64)
R13: 0x7fffffffe020 --\> 0x2 
R14: 0x0 
R15: 0x0
EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction overflow)
\[-------------------------------------code-------------------------------------\]
   0x7ffff7f4d8ec <\_\_memmove\_avx\_unaligned\_erms+524>:	vmovdqu YMMWORD PTR \[r11\],ymm4
   0x7ffff7f4d8f1 <\_\_memmove\_avx\_unaligned\_erms+529>:	vzeroupper 
   0x7ffff7f4d8f4 <\_\_memmove\_avx\_unaligned\_erms+532>:	ret    
=\> 0x7ffff7f4d8f5 <\_\_memmove\_avx\_unaligned\_erms+533>:	vmovdqu ymm4,YMMWORD PTR \[rsi\]
   0x7ffff7f4d8f9 <\_\_memmove\_avx\_unaligned\_erms+537>:	vmovdqu ymm5,YMMWORD PTR \[rsi+0x20\]
   0x7ffff7f4d8fe <\_\_memmove\_avx\_unaligned\_erms+542>:	vmovdqu ymm6,YMMWORD PTR \[rsi+0x40\]
   0x7ffff7f4d903 <\_\_memmove\_avx\_unaligned\_erms+547>:	vmovdqu ymm7,YMMWORD PTR \[rsi+0x60\]
   0x7ffff7f4d908 <\_\_memmove\_avx\_unaligned\_erms+552>:	vmovdqu ymm8,YMMWORD PTR \[rsi+rdx\*1-0x20\]
\[------------------------------------stack-------------------------------------\]
0000| 0x7fffffffdca8 --\> 0x555555555663 (<TinyTIFFReader\_memcpy\_s+51>:	mov    eax,0x0)
0008| 0x7fffffffdcb0 --\> 0x1fa0b8878 
0016| 0x7fffffffdcb8 --\> 0x0 
0024| 0x7fffffffdcc0 --\> 0x1fa0b8878 
0032| 0x7fffffffdcc8 --\> 0x7ffdfdd09010 --\> 0x0 
0040| 0x7fffffffdcd0 --\> 0x7fffffffdda0 --\> 0x7fffffffdef0 --\> 0x7fffffffdf30 --\> 0x0 
0048| 0x7fffffffdcd8 --\> 0x5555555563fb (<TinyTIFFReader\_readNextFrame+886>:	jmp    0x555555556683 <TinyTIFFReader\_readNextFrame+1534>)
0056| 0x7fffffffdce0 --\> 0x0 
\[------------------------------------------------------------------------------\]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
\_\_memmove\_avx\_unaligned\_erms () at ../sysdeps/x86\_64/multiarch/memmove-vec-unaligned-erms.S:436
436	../sysdeps/x86\_64/multiarch/memmove-vec-unaligned-erms.S: No such file or directory.

you can see "../sysdeps/x86\_64/multiarch/memmove-vec-unaligned-erms.S: No such file or directory.", I think this problem is caused by abnormal references to Pointers, See this link.This one bug I tested on multiple systems crashed.

CVE-2023-26733: Security-Issue-Report-of-TinyTIFF/README.md at main · 10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF

Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c.

Hello,  
I found that IIlegal memory access may lead to arbitrary memory write inside jsvGarbageCollectMarkUsed . When Object property name is marked ，it will be regarfed as nativeStr struct. And read content pointed by property name and marked，which will result arbitrary memory write.  
Please confirm~~  
poc is here:  
espruino1.js.zip

test version:  
commit d543731 (HEAD -> master, origin/master, origin/HEAD) (20200505)

environment

gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0  
run ./espruino poc  
(gdb) r  
Starting program: /home/zdz/Espruino/espruino /home/zdz/debugBug/espruino1.js  
\[Thread debugging using libthread\_db enabled\]  
Using host libthread\_db library "/lib/x86\_64-linux-gnu/libthread\_db.so.1".  
\[New Thread 0x7ffff6e85700 (LWP 4410)\]

| |\_ \_\_\_ \_\_\_ \_ ||\_\_\_ \_\_\_  
| | -| . | | | | | | . |  
||| || |||||\_|  
|| espruino.com  
2v05.41 (c) 2019 G.Williams

Espruino is Open Source. Our work is supported  
only by sales of official boards and donations:  
http://espruino.com/Donate

{ }

Thread 1 "espruino" received signal SIGSEGV, Segmentation fault.  
jsvIsString (  
v=<error reading variable: Cannot access memory at address 0x7fffff7feff0>) at src/jsvar.c:73  
73 bool jsvIsString(const JsVar \*v) { return v && (v->flags&JSV\_VARTYPEMASK)>=\_JSV\_STRING\_START && (v->flags&JSV\_VARTYPEMASK)<=\_JSV\_STRING\_END; } ///< String, or a NAME too  
(gdb) bt  
#0 jsvIsString (  
v=<error reading variable: Cannot access memory at address 0x7fffff7feff0>) at src/jsvar.c:73  
#1 0x0000555555565728 in jsvHasCharacterData (v=0x7ffff6644610)  
at src/jsvar.c:384  
#2 0x000055555556f8d2 in jsvGarbageCollectMarkUsed (var=0x7ffff6644610)  
at src/jsvar.c:3715  
#3 0x000055555556f97a in jsvGarbageCollectMarkUsed (var=0x7ffff6644650)  
at src/jsvar.c:3730  
#4 0x000055555556f9cb in jsvGarbageCollectMarkUsed (var=0x7ffff6644670)  
at src/jsvar.c:3738

Dongzhuo Zhao working with ADLab of Venustech

CVE-2020-23257: IIlegal memory access may lead to arbitrary memory write inside jsvGarbageCollectMarkUsed  · Issue #1820 · espruino/Espruino

OS Command Injection vulnerability in quectel AG550QCN allows attackers to execute arbitrary commands via ql_atfwd.

**背景**

2022年，渗透测试某智能网联汽车，车型TBOX由均联智行开发，TBOX MPU中发现5G模组升级文件。拆包后，进行漏洞挖掘，发现存在多个漏洞，漏洞详情通过邮件发送给移远通信，他们修复后，让我们提交CVE。

**CVE编号**

CVE-2023-26921

**漏洞描述：**

AG550QCN模组ql\_atfwd对AT指令'AT+QABFOTA=“package”... '处理时，参数过滤不严格，存在命令注入漏洞，可以直接root权限执行任意命令，并反弹shell。

    2023.04.04 ql_atfwd已经上传至仓库。
    

**受影响模组基本信息：**

            模组：AG550QCN
            模组系统版本：Linux sa515m 4.14.206-perf #1 PREEMPT Sat Jun 11 02:53:21 CST 2022 armv7l GNU/Linux
    

**漏洞详情：**

1、at fwd程序 支持QABFOTA命令

2、进入处理函数5AF4

3、off\_267C4是子功能列表，\["reboot",func\_reboot,"state",func\_state…\]

3、分析package处理函数 sub\_11B20+1

4、system(s)函数，其中s直接引用用户的输入，没有做过滤

**POC：****MPU执行下列命令，另4g module重启**

Echo 'AT+QABFOTA="package",1&&reboot' >/dev/ttyUSB1

**4G模组执行**

Ql_cmd at 'AT+QABFOTA="package",1&&reboot' 5、进入模组使用strace分析，可以看到命令被添加到"sh","-c","fotainfo…" 中 

cyber security researcher sen.yuan@bangcle.com

CVE-2023-26921: AG550QCN_CommandInjection_ql_atfwd/README.md at main · closethe/AG550QCN_CommandInjection_ql_atfwd

Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the <ifram> tag in the upload file page.

**“无限”传输**

kiftd简约不简单。视频播放、文档预览、图片查看、音乐播放、拖拽上传、移动端访问、WebDAV支持……这些功能，对kiftd来说都是标配。

**真正跨平台**

Windows？Linux？Mac？kiftd不通过开发不同的版本实现跨平台。一个版本，3大舞台，这才是真正的跨平台。

**即开即用**

有一种安装叫做“解压即用”——没有复杂的安装和配置过程，真正做到即开即用；还有一种卸载叫做“删除即走”——绝不和您撒娇卖萌。

**马上了解kiftd的一切**

您还在使用U盘分享文件么？您还在使用公共网盘保存隐私文件？您需要利用自己的资源搭建起一个网盘系统而苦于没有好的选择？现在，您可以选择kiftd了。 功能速览……

**3分钟快速开始**

让只会点击鼠标的小白用户完成一个完整的网盘系统部署工作需要多久？对于kiftd来说，设计耗时为3分钟——没有任何复杂的配置流程，解压，然后运行，开始就是这么简单。 快速开始……

**了解最新版本信息**

kiftd一直朝着更加完善的目标迈进，每个新版本都会加入一些实用的新功能并进一步提高其稳定性。 最新讯息……

**立即获取源代码**

无论您是希望探索kiftd内部的奥秘还是对其进行DIY，您都可以随时下载kiftd的源代码！ 立即编译……

**程序接入指南**

kiftd面向的用户除了真人以外，也包括另一个JAVA程序——只需编写一些简单的代码，便可实现由另外一个JAVA程序控制kiftd，作为其文件分享模块使用。 程序接入……

CVE-2020-19699: kiftd 一款开源、完善、便捷的个人网盘搭建系统

A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter.

    # Exploit Title: SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS) # Date: [12/21/2022 02:07:23 AM UTC]# Exploit Author: [geeklinuxman@gmail.com]# Vendor Homepage: [https://www.red-gate.com/]# Software Link: [https://www.red-gate.com/products/dba/sql-monitor/]# Version: [SQL Monitor 12.1.31.893]# Tested on: [Windows OS]# CVE : [CVE-2022-47870] [Description] Cross Site Scripting (XSS) in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter. [Affected Component] affected returnUrl inhttps://sqlmonitor.*.com/Account/Login?returnUrl=&hasAttemptedCookie=True affected A tag under span with "redirect-timeout" id value [CVE Impact] disclosure of the user's session cookie, allowing an attacker tohijack the user's session and take over the account. [Attack Vectors] to exploit the vulnerability, someone must click on the malicious AHTML tag under span with "redirect-timeout" id value [Vendor] http://redgate.com http://sqlmonitor.com https://sqlmonitor.

CVE-2022-47870: SQL Monitor 12.1.31.893 Cross Site Scripting ≈ Packet Storm

Red Hat Security Advisory 2023-1559-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-1559-01

Red Hat Security Advisory 2023-1588-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security update  
Advisory ID:       RHSA-2023:1588-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1588  
Issue date:        2023-04-04  
CVE Names:         CVE-2023-0266  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
(CVE-2023-0266)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
kernel-4.18.0-147.81.1.el8_1.src.rpm

aarch64:  
bpftool-4.18.0-147.81.1.el8_1.aarch64.rpm  
bpftool-debuginfo-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-core-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-cross-headers-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debug-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debug-core-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debug-devel-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debug-modules-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debuginfo-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-devel-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-headers-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-modules-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-modules-extra-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-tools-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-tools-libs-4.18.0-147.81.1.el8_1.aarch64.rpm  
perf-4.18.0-147.81.1.el8_1.aarch64.rpm  
perf-debuginfo-4.18.0-147.81.1.el8_1.aarch64.rpm  
python3-perf-4.18.0-147.81.1.el8_1.aarch64.rpm  
python3-perf-debuginfo-4.18.0-147.81.1.el8_1.aarch64.rpm

noarch:  
kernel-abi-whitelists-4.18.0-147.81.1.el8_1.noarch.rpm  
kernel-doc-4.18.0-147.81.1.el8_1.noarch.rpm

ppc64le:  
bpftool-4.18.0-147.81.1.el8_1.ppc64le.rpm  
bpftool-debuginfo-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-core-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-cross-headers-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debug-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debug-core-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debug-devel-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debug-modules-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debuginfo-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-devel-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-headers-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-modules-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-modules-extra-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-tools-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-tools-libs-4.18.0-147.81.1.el8_1.ppc64le.rpm  
perf-4.18.0-147.81.1.el8_1.ppc64le.rpm  
perf-debuginfo-4.18.0-147.81.1.el8_1.ppc64le.rpm  
python3-perf-4.18.0-147.81.1.el8_1.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-147.81.1.el8_1.ppc64le.rpm

s390x:  
bpftool-4.18.0-147.81.1.el8_1.s390x.rpm  
bpftool-debuginfo-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-core-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-cross-headers-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debug-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debug-core-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debug-debuginfo-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debug-devel-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debug-modules-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debug-modules-extra-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debuginfo-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-devel-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-headers-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-modules-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-modules-extra-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-tools-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-tools-debuginfo-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-zfcpdump-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-zfcpdump-core-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-147.81.1.el8_1.s390x.rpm  
perf-4.18.0-147.81.1.el8_1.s390x.rpm  
perf-debuginfo-4.18.0-147.81.1.el8_1.s390x.rpm  
python3-perf-4.18.0-147.81.1.el8_1.s390x.rpm  
python3-perf-debuginfo-4.18.0-147.81.1.el8_1.s390x.rpm

x86_64:  
bpftool-4.18.0-147.81.1.el8_1.x86_64.rpm  
bpftool-debuginfo-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-core-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-cross-headers-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debug-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debug-core-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debug-devel-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debug-modules-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debuginfo-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-devel-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-headers-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-modules-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-modules-extra-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-tools-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-tools-libs-4.18.0-147.81.1.el8_1.x86_64.rpm  
perf-4.18.0-147.81.1.el8_1.x86_64.rpm  
perf-debuginfo-4.18.0-147.81.1.el8_1.x86_64.rpm  
python3-perf-4.18.0-147.81.1.el8_1.x86_64.rpm  
python3-perf-debuginfo-4.18.0-147.81.1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0266  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCvqp9zjgjWX9erEAQiaXhAAg1lFw+m+yEwVdLTbaGOkzg0Wla/fIFT9  
KiLKyv/l8wHRKUHFkcyNXD35Ux2Ob+BFkEwR2CddOf+6ZJQz9cM9IroCQ4fgiNrp  
wlRWQYtKfq37HTUXP5Heiwqe7yw1eiZdZ/UuqoERReyreMdUjahKuP4w/UxG1+Pw  
/xyNL10Oz52Ws/qGyLAv4UB55b4h94FwNDhskvVkw9/hCk0qMJrcECDZn+YLoCg3  
VaN/MGl8uSRMf3DKnyw/Z/2v9AZd0X4AqKmzbNWUFyQ86bwaVSC37B/G5uQQZTSS  
XlnjwUgOLjg+SoxN7UrYcC3It+7UAx7Gbg5gezXXzCWjRXhn/Tqc9Y/+opMJC21X  
2HkK2RvVftM06R56RF2/RMTmIf6nbXO0d0unegB0RFk+wd1Q68/8osnYfsG/DFaK  
k3TMxoUX1IlWVdrxHvp8BswFc9wStM6bdGSXm47STQne1orr9iDXJMuq9KsD9ZBT  
9nvp/1gj/aLKNaCyH8LxgAKASR+KmtBQUAvV9RF0slNRkiDOGl2WwoZGYGA1uVp6  
azPCBxaE5NUiiWgAnVcYCQimQh7Joqcz0szw7BDHuaF2RziR+vo0DqDR7xNameTH  
dCfVA4WEMEE/jeb6XumN2uH+SktTrjaM1owIRj6kxp7U0WinajB3VVVahd31R8mi  
vcBom9i111Y=wiwd  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1588-01

Red Hat Security Advisory 2023-1556-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:1556-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1556  
Issue date:        2023-04-04  
CVE Names:         CVE-2023-0266 CVE-2023-0461  
====================================================================  
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time EUS (v.8.4) - x86_64  
Red Hat Enterprise Linux Real Time for NFV EUS (v.8.4) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
(CVE-2023-0266)

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt RHEL-8.4: disable KASAN, KCSAN and UBSAN for kernel-rt  
(BZ#2165124)

* kernel-rt: update RT source tree to the RHEL-8.4.z16 source tree (async)  
(BZ#2183403)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets

6. Package List:

Red Hat Enterprise Linux Real Time for NFV EUS (v.8.4):

Source:  
kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.src.rpm

x86_64:  
kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-kvm-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm

Red Hat Enterprise Linux Real Time EUS (v.8.4):

Source:  
kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.src.rpm

x86_64:  
kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0266  
https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCvqnNzjgjWX9erEAQji3hAAiJOllK9VciQkxLUO2WiKQB4mig+cDp8n  
1Zm4g3/zeZMyYPoLFK5UjqlGNx2Ir+JowUkNqZz0jLibhu1WgArykSeUPnilRbA+  
Sq/EDfTF8inG+j39aynJPRIaalHGvW6wYpSuQU/moA9bPUdNvY8G5A0d/gJZAsuc  
SYbc5ylut7aZXaHeI7oDkdQw/udJJcmuD/+HORP8JLQeNvnb8UJmrMU0hgsoqhr6  
nl3FfYUdiR5vriZNIbxeNS9PD7K+MPsEkW51xPYkw7CzpXMfgG8otZLTwQBOuS9P  
bIJicxp3Zhg2W5ho5pO0DjKPlaHlBX88QYx5VNlxM/KN9unESDI1KhChEUva9+Ck  
97iU7CfAZgDWJ2PMPyW3cS9Og3Efep9kW05OLWo/K7rrQlEiZ/4n/DhLxHnUSGhK  
tTUkFb/4fXXeTQ+HTBEuWGq7SGDgMsHRmpQOEXVwrqkatTgwaQ5t2r6ka6+QQzra  
h2D8/VRuo0jgswN2ftM/4kHvLvh97/Rgy/W4yy3FENu6Bem8MvVaSG2QiGoKLZZH  
bNXFzHNoEX7FeYwagGm8s2R7vhzm6LO0XV0uh+2lY0iXU0/6moYRzK0PmN+fIGJS  
eU7Oh0VUxkKKb9AQO4EEraQcuEuw7HQpZSG13M17h977KJU6kBmDWZ0pzLX+VMYd  
V88Bo6k9bAs=ZtTu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1556-01

Red Hat Security Advisory 2023-1557-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:1557-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1557  
Issue date:        2023-04-04  
CVE Names:         CVE-2023-0266 CVE-2023-0461  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
(CVE-2023-0266)

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* RHEL8.4 - s390/kexec: fix ipl report address for kdump (BZ#2166298)

* Windows Server 2019 guest randomly pauses with "KVM: entry failed,  
hardware error 0x80000021" (BZ#2166370)

* net/mlx5e: Fix use-after-free when reverting termination table  
(BZ#2167642)

* net/ice: OP_SET_RSS_HENA command not supported with in-tree driver  
(BZ#2167712)

* Backport Request for locking/rwsem commits (BZ#2170941)

* ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172552)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
kernel-4.18.0-305.86.2.el8_4.src.rpm

aarch64:  
bpftool-4.18.0-305.86.2.el8_4.aarch64.rpm  
bpftool-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-core-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-cross-headers-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debug-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debug-core-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debug-devel-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debug-modules-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-devel-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-headers-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-modules-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-modules-extra-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-tools-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-tools-libs-4.18.0-305.86.2.el8_4.aarch64.rpm  
perf-4.18.0-305.86.2.el8_4.aarch64.rpm  
perf-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
python3-perf-4.18.0-305.86.2.el8_4.aarch64.rpm  
python3-perf-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-305.86.2.el8_4.noarch.rpm  
kernel-doc-4.18.0-305.86.2.el8_4.noarch.rpm

ppc64le:  
bpftool-4.18.0-305.86.2.el8_4.ppc64le.rpm  
bpftool-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-core-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-cross-headers-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debug-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debug-core-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debug-devel-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debug-modules-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-devel-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-headers-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-modules-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-modules-extra-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-tools-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-tools-libs-4.18.0-305.86.2.el8_4.ppc64le.rpm  
perf-4.18.0-305.86.2.el8_4.ppc64le.rpm  
perf-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
python3-perf-4.18.0-305.86.2.el8_4.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm

s390x:  
bpftool-4.18.0-305.86.2.el8_4.s390x.rpm  
bpftool-debuginfo-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-core-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-cross-headers-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debug-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debug-core-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debug-debuginfo-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debug-devel-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debug-modules-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debug-modules-extra-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debuginfo-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-devel-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-headers-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-modules-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-modules-extra-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-tools-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-tools-debuginfo-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-zfcpdump-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-zfcpdump-core-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-305.86.2.el8_4.s390x.rpm  
perf-4.18.0-305.86.2.el8_4.s390x.rpm  
perf-debuginfo-4.18.0-305.86.2.el8_4.s390x.rpm  
python3-perf-4.18.0-305.86.2.el8_4.s390x.rpm  
python3-perf-debuginfo-4.18.0-305.86.2.el8_4.s390x.rpm

x86_64:  
bpftool-4.18.0-305.86.2.el8_4.x86_64.rpm  
bpftool-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-core-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-cross-headers-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debug-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debug-core-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debug-devel-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debug-modules-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-devel-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-headers-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-modules-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-modules-extra-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-tools-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-tools-libs-4.18.0-305.86.2.el8_4.x86_64.rpm  
perf-4.18.0-305.86.2.el8_4.x86_64.rpm  
perf-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
python3-perf-4.18.0-305.86.2.el8_4.x86_64.rpm  
python3-perf-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:  
bpftool-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-305.86.2.el8_4.aarch64.rpm  
perf-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
python3-perf-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-305.86.2.el8_4.ppc64le.rpm  
perf-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-305.86.2.el8_4.x86_64.rpm  
perf-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
python3-perf-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0266  
https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCvqpNzjgjWX9erEAQhNnQ/6AnZAPNsQP57RzYKHpfsxGVnmstglO5F6  
sZKj5ws2E9G9aF23qbUK5nYW5tN2QUNtlQK7Ns1H6HcBKYp8iQrFaVAlaEKpby3F  
l9cHjajeHazw3KQd2OtgL34XnMjDDJulMZExgqJARG9sjjQDqUIOApq58Ly57xh/  
r2wUWqOlWh92B2P/W8Yd9fMNtapakCj9WdQKh2zl9ZMH7J715TIg821NDgHpbdHS  
T1oJAST44PoDW38v9W1HpeHz6/Dax0M9sdJa6JbqIxN9bK4+vi+9uaAIOR2GAG8n  
P4SsbXJewH4QRHzTawYg5QoCSc4CpkWbuhCsz1vH+PS43iZNDw5EAUJe/tjIshmb  
XvR49AywCGvLkMmHOuqn3bAHqwNdeQKx7fRuMU/wahE1nSDDkXPb9XocV6Hu1rur  
K1Z6tYpPXqTMpXKDEdRyiJXL1V96dYMehVqgPkTjdw1dYCEjI1Tjj+oewj4EJwMG  
qoW5mj6Hwi/AP0Oybi0LoL2usjB0y96X4fVb/B4qrmDMLHoz/nJacmTASmYnY19X  
WG4xzWwmCUfO3Jh7AVth7fBqZmTik0+Lj+0T417QsZ73vAJ75OzGjzSN4GYeASUr  
KD3PJNMq0BJ8XnpkLqJm65CvmRHJnrix6M+AzsSIKFnAyhKTvUeCeY9eVqmFhcEd  
KO+uCDHR3AIÏpp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1557-01

Red Hat Security Advisory 2023-1586-01 - The pesign packages provide the pesign utility for signing UEFI binaries as well as other associated tools. Issues addressed include a privilege escalation vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pesign security update  
Advisory ID:       RHSA-2023:1586-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1586  
Issue date:        2023-04-04  
CVE Names:         CVE-2022-3560  
====================================================================  
1. Summary:

An update for pesign is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, x86_64

3. Description:

The pesign packages provide the pesign utility for signing UEFI binaries as  
well as other associated tools.

Security Fix(es):

* pesign: Local privilege escalation on pesign systemd service  
(CVE-2022-3560)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2135420 - CVE-2022-3560 pesign: Local privilege escalation on pesign systemd service

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
pesign-0.112-25.el8_1.1.src.rpm

aarch64:  
pesign-0.112-25.el8_1.1.aarch64.rpm  
pesign-debuginfo-0.112-25.el8_1.1.aarch64.rpm  
pesign-debugsource-0.112-25.el8_1.1.aarch64.rpm

x86_64:  
pesign-0.112-25.el8_1.1.x86_64.rpm  
pesign-debuginfo-0.112-25.el8_1.1.x86_64.rpm  
pesign-debugsource-0.112-25.el8_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3560  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCvqnNzjgjWX9erEAQiWzA/+OfCZ8FqHTlCqshqwNyOQsZXODIZaJ27z  
Z9l2yvVBtOQ1YuH8g5DiQnqSpQzzn8mLMLi5tNnLMnvAq9AvtVUIVQVM55CoXXkJ  
I234s7rk3zPy0XZseb0BJGw2Zw/bbSSNFY65dVeAsPZwYYNxfCB5v0/3pOxdOezN  
GpsusEpyYSEAuLTN2WSAUywndsUPHHUQ7cV4YaM51IJmUu6VWCvEmawi3jqXpptT  
lNVys6F/pmypMwwshb9d3Q3V8qph6v1PnGwRzuiYqvB3MHdAYff7XWvNmwU1Mskn  
1sPN9Ot642t4hhPLWWVqj4oMz3RElFT594oKU3HG2GeWo4yQq5vmgXmrKRGxT6cy  
3Aqa1VOgjRRtL7xsA96PmC7mniqX1+7wKHYRz1gDPMiOQ9n+iwi37NBwUZjRCAZd  
N6Fn8+RkE7aFYx07PlET9apLhAMO6RvEKopE/Kx4iv9+sMWwjIvbgpCA3b8dKugO  
xn7tN20wYO3hUjgnFhdiNHiYuLT8Y3QW4wjhRvgdYX98L5pmeFvOiqzU7qIX32Dt  
Ow0R3MiN0qC4kd0ecgiNfRd3BAwGlu6lo16d34awUCBh9EX0Y4oXGWXzu4A1V/27  
w98c3GMAw5VC8rklDk+qiVgctbBknr7Y+Lm8rhfwN4lBziO2oZGhZaR/7T4f1olx  
t0peXK3PCkg=+vZz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux