Red Hat Security Advisory 2022-8493-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a privilege escalation vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: python3.9 security update  
Advisory ID:       RHSA-2022:8493-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8493  
Issue date:        2022-11-16  
CVE Names:         CVE-2022-42919  
====================================================================  
1. Summary:

An update for python3.9 is now available for Red Hat Enterprise Linux 9 and  
Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming  
language, which includes modules, classes, exceptions, very high level  
dynamic data types and dynamic typing. Python supports interfaces to many  
system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: local privilege escalation via the multiprocessing forkserver  
start method (CVE-2022-42919)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2138705 - CVE-2022-42919 python: local privilege escalation via the multiprocessing forkserver start method

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
python3-devel-3.9.10-4.el9_0.aarch64.rpm  
python3-tkinter-3.9.10-4.el9_0.aarch64.rpm  
python3.9-debuginfo-3.9.10-4.el9_0.aarch64.rpm  
python3.9-debugsource-3.9.10-4.el9_0.aarch64.rpm

noarch:  
python-unversioned-command-3.9.10-4.el9_0.noarch.rpm

ppc64le:  
python3-devel-3.9.10-4.el9_0.ppc64le.rpm  
python3-tkinter-3.9.10-4.el9_0.ppc64le.rpm  
python3.9-debuginfo-3.9.10-4.el9_0.ppc64le.rpm  
python3.9-debugsource-3.9.10-4.el9_0.ppc64le.rpm

s390x:  
python3-devel-3.9.10-4.el9_0.s390x.rpm  
python3-tkinter-3.9.10-4.el9_0.s390x.rpm  
python3.9-debuginfo-3.9.10-4.el9_0.s390x.rpm  
python3.9-debugsource-3.9.10-4.el9_0.s390x.rpm

x86_64:  
python3-devel-3.9.10-4.el9_0.i686.rpm  
python3-devel-3.9.10-4.el9_0.x86_64.rpm  
python3-tkinter-3.9.10-4.el9_0.x86_64.rpm  
python3.9-debuginfo-3.9.10-4.el9_0.i686.rpm  
python3.9-debuginfo-3.9.10-4.el9_0.x86_64.rpm  
python3.9-debugsource-3.9.10-4.el9_0.i686.rpm  
python3.9-debugsource-3.9.10-4.el9_0.x86_64.rpm

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
python3-devel-3.9.14-1.el9_1.1.aarch64.rpm  
python3-tkinter-3.9.14-1.el9_1.1.aarch64.rpm  
python3.9-debuginfo-3.9.14-1.el9_1.1.aarch64.rpm  
python3.9-debugsource-3.9.14-1.el9_1.1.aarch64.rpm

noarch:  
python-unversioned-command-3.9.14-1.el9_1.1.noarch.rpm

ppc64le:  
python3-devel-3.9.14-1.el9_1.1.ppc64le.rpm  
python3-tkinter-3.9.14-1.el9_1.1.ppc64le.rpm  
python3.9-debuginfo-3.9.14-1.el9_1.1.ppc64le.rpm  
python3.9-debugsource-3.9.14-1.el9_1.1.ppc64le.rpm

s390x:  
python3-devel-3.9.14-1.el9_1.1.s390x.rpm  
python3-tkinter-3.9.14-1.el9_1.1.s390x.rpm  
python3.9-debuginfo-3.9.14-1.el9_1.1.s390x.rpm  
python3.9-debugsource-3.9.14-1.el9_1.1.s390x.rpm

x86_64:  
python3-devel-3.9.14-1.el9_1.1.i686.rpm  
python3-devel-3.9.14-1.el9_1.1.x86_64.rpm  
python3-tkinter-3.9.14-1.el9_1.1.x86_64.rpm  
python3.9-debuginfo-3.9.14-1.el9_1.1.i686.rpm  
python3.9-debuginfo-3.9.14-1.el9_1.1.x86_64.rpm  
python3.9-debugsource-3.9.14-1.el9_1.1.i686.rpm  
python3.9-debugsource-3.9.14-1.el9_1.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
python3.9-3.9.10-4.el9_0.src.rpm

aarch64:  
python3-3.9.10-4.el9_0.aarch64.rpm  
python3-libs-3.9.10-4.el9_0.aarch64.rpm  
python3.9-debuginfo-3.9.10-4.el9_0.aarch64.rpm  
python3.9-debugsource-3.9.10-4.el9_0.aarch64.rpm

ppc64le:  
python3-3.9.10-4.el9_0.ppc64le.rpm  
python3-libs-3.9.10-4.el9_0.ppc64le.rpm  
python3.9-debuginfo-3.9.10-4.el9_0.ppc64le.rpm  
python3.9-debugsource-3.9.10-4.el9_0.ppc64le.rpm

s390x:  
python3-3.9.10-4.el9_0.s390x.rpm  
python3-libs-3.9.10-4.el9_0.s390x.rpm  
python3.9-debuginfo-3.9.10-4.el9_0.s390x.rpm  
python3.9-debugsource-3.9.10-4.el9_0.s390x.rpm

x86_64:  
python3-3.9.10-4.el9_0.x86_64.rpm  
python3-libs-3.9.10-4.el9_0.i686.rpm  
python3-libs-3.9.10-4.el9_0.x86_64.rpm  
python3.9-debuginfo-3.9.10-4.el9_0.i686.rpm  
python3.9-debuginfo-3.9.10-4.el9_0.x86_64.rpm  
python3.9-debugsource-3.9.10-4.el9_0.i686.rpm  
python3.9-debugsource-3.9.10-4.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
python3.9-3.9.14-1.el9_1.1.src.rpm

aarch64:  
python3-3.9.14-1.el9_1.1.aarch64.rpm  
python3-libs-3.9.14-1.el9_1.1.aarch64.rpm  
python3.9-debuginfo-3.9.14-1.el9_1.1.aarch64.rpm  
python3.9-debugsource-3.9.14-1.el9_1.1.aarch64.rpm

ppc64le:  
python3-3.9.14-1.el9_1.1.ppc64le.rpm  
python3-libs-3.9.14-1.el9_1.1.ppc64le.rpm  
python3.9-debuginfo-3.9.14-1.el9_1.1.ppc64le.rpm  
python3.9-debugsource-3.9.14-1.el9_1.1.ppc64le.rpm

s390x:  
python3-3.9.14-1.el9_1.1.s390x.rpm  
python3-libs-3.9.14-1.el9_1.1.s390x.rpm  
python3.9-debuginfo-3.9.14-1.el9_1.1.s390x.rpm  
python3.9-debugsource-3.9.14-1.el9_1.1.s390x.rpm

x86_64:  
python3-3.9.14-1.el9_1.1.x86_64.rpm  
python3-libs-3.9.14-1.el9_1.1.i686.rpm  
python3-libs-3.9.14-1.el9_1.1.x86_64.rpm  
python3.9-debuginfo-3.9.14-1.el9_1.1.i686.rpm  
python3.9-debuginfo-3.9.14-1.el9_1.1.x86_64.rpm  
python3.9-debugsource-3.9.14-1.el9_1.1.i686.rpm  
python3.9-debugsource-3.9.14-1.el9_1.1.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
python3-debug-3.9.10-4.el9_0.aarch64.rpm  
python3-idle-3.9.10-4.el9_0.aarch64.rpm  
python3-test-3.9.10-4.el9_0.aarch64.rpm  
python3.9-debuginfo-3.9.10-4.el9_0.aarch64.rpm  
python3.9-debugsource-3.9.10-4.el9_0.aarch64.rpm

ppc64le:  
python3-debug-3.9.10-4.el9_0.ppc64le.rpm  
python3-idle-3.9.10-4.el9_0.ppc64le.rpm  
python3-test-3.9.10-4.el9_0.ppc64le.rpm  
python3.9-debuginfo-3.9.10-4.el9_0.ppc64le.rpm  
python3.9-debugsource-3.9.10-4.el9_0.ppc64le.rpm

s390x:  
python3-debug-3.9.10-4.el9_0.s390x.rpm  
python3-idle-3.9.10-4.el9_0.s390x.rpm  
python3-test-3.9.10-4.el9_0.s390x.rpm  
python3.9-debuginfo-3.9.10-4.el9_0.s390x.rpm  
python3.9-debugsource-3.9.10-4.el9_0.s390x.rpm

x86_64:  
python3-3.9.10-4.el9_0.i686.rpm  
python3-debug-3.9.10-4.el9_0.i686.rpm  
python3-debug-3.9.10-4.el9_0.x86_64.rpm  
python3-idle-3.9.10-4.el9_0.i686.rpm  
python3-idle-3.9.10-4.el9_0.x86_64.rpm  
python3-test-3.9.10-4.el9_0.i686.rpm  
python3-test-3.9.10-4.el9_0.x86_64.rpm  
python3-tkinter-3.9.10-4.el9_0.i686.rpm  
python3.9-debuginfo-3.9.10-4.el9_0.i686.rpm  
python3.9-debuginfo-3.9.10-4.el9_0.x86_64.rpm  
python3.9-debugsource-3.9.10-4.el9_0.i686.rpm  
python3.9-debugsource-3.9.10-4.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
python3-debug-3.9.14-1.el9_1.1.aarch64.rpm  
python3-idle-3.9.14-1.el9_1.1.aarch64.rpm  
python3-test-3.9.14-1.el9_1.1.aarch64.rpm  
python3.9-debuginfo-3.9.14-1.el9_1.1.aarch64.rpm  
python3.9-debugsource-3.9.14-1.el9_1.1.aarch64.rpm

ppc64le:  
python3-debug-3.9.14-1.el9_1.1.ppc64le.rpm  
python3-idle-3.9.14-1.el9_1.1.ppc64le.rpm  
python3-test-3.9.14-1.el9_1.1.ppc64le.rpm  
python3.9-debuginfo-3.9.14-1.el9_1.1.ppc64le.rpm  
python3.9-debugsource-3.9.14-1.el9_1.1.ppc64le.rpm

s390x:  
python3-debug-3.9.14-1.el9_1.1.s390x.rpm  
python3-idle-3.9.14-1.el9_1.1.s390x.rpm  
python3-test-3.9.14-1.el9_1.1.s390x.rpm  
python3.9-debuginfo-3.9.14-1.el9_1.1.s390x.rpm  
python3.9-debugsource-3.9.14-1.el9_1.1.s390x.rpm

x86_64:  
python3-3.9.14-1.el9_1.1.i686.rpm  
python3-debug-3.9.14-1.el9_1.1.i686.rpm  
python3-debug-3.9.14-1.el9_1.1.x86_64.rpm  
python3-idle-3.9.14-1.el9_1.1.i686.rpm  
python3-idle-3.9.14-1.el9_1.1.x86_64.rpm  
python3-test-3.9.14-1.el9_1.1.i686.rpm  
python3-test-3.9.14-1.el9_1.1.x86_64.rpm  
python3-tkinter-3.9.14-1.el9_1.1.i686.rpm  
python3.9-debuginfo-3.9.14-1.el9_1.1.i686.rpm  
python3.9-debuginfo-3.9.14-1.el9_1.1.x86_64.rpm  
python3.9-debugsource-3.9.14-1.el9_1.1.i686.rpm  
python3.9-debugsource-3.9.14-1.el9_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42919  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3Tdy9zjgjWX9erEAQgQlw/9E/baKrYdqjoFn64jSV6ZuTpuwLk4QAON  
BczOHAzegRliHncid+gSkHU2Wgv+WlMfGgaS2crj528jrazl4fPFUNSOB4wM4ZlZ  
AM/9elfinOBCnwRxEDHIix6uvLlUIH6NvmVip0PPMcMYmRRZB1MUh+22XzjzchIM  
UwztMKJsPgMd35Z6aiKUzwmhFT2dq8uY3x4LTRlkA41jgX6eyeCmQugJF8CoeBrg  
kNdejMJjwHX+RZ6q0jP7Pm4eiSVEIst3zyzuZw/EJKj7bIjZmcGUNfgr+4PR0yql  
XwOeTmj2bfP7nFm5zDTaLvhLdLYKU/L23AfQsMl2Hvja+LT7sZqRWIssYkHm7bfo  
mM5L7mHVpoQYCEfIPlrHUNv0Dcc4NLG8EMfOnMp87UN1nVlBv8+kVpINea8LQFYn  
SWeM7U+uQTRCjIokaC0Zq31hOmFDJ+RlRvFaXSU2Ak1a8yt4FNBF3Nt8l4T818fG  
CGR1sCrHDHl2XvODMAvBCuge14Jjx4updyfOC5kNb7VyC0FZh9WAJQwEAPhSP4Zf  
RYKD3Hn6/O8AKQgRCiLkBC+IWOpGah2dNgbFUbSbyRhIbbJIZF7YLciOibKypfqw  
j2/cKt2Blol1nGH+XI0qXhoazi0cadt51SlZU1RGgg6wx/NuFjfELa62hXbhRCTz  
X/+FBFRPF9Q=KI+u  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8493-01

Red Hat Security Advisory 2022-8491-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include buffer overflow and memory leak vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: xorg-x11-server security update  
Advisory ID:       RHSA-2022:8491-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8491  
Issue date:        2022-11-16  
CVE Names:         CVE-2022-3550 CVE-2022-3551  
====================================================================  
1. Summary:

An update for xorg-x11-server is now available for Red Hat Enterprise Linux  
7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

X.Org is an open-source implementation of the X Window System. It provides  
the basic low-level functionality that full-fledged graphical user  
interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c  
(CVE-2022-3550)

* xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c  
(CVE-2022-3551)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2140698 - CVE-2022-3550 xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c  
2140701 - CVE-2022-3551 xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
xorg-x11-server-1.20.4-19.el7_9.src.rpm

x86_64:  
xorg-x11-server-Xephyr-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:  
xorg-x11-server-source-1.20.4-19.el7_9.noarch.rpm

x86_64:  
xorg-x11-server-Xdmx-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-19.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-19.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
xorg-x11-server-1.20.4-19.el7_9.src.rpm

noarch:  
xorg-x11-server-source-1.20.4-19.el7_9.noarch.rpm

x86_64:  
xorg-x11-server-Xdmx-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xephyr-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-19.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-19.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
xorg-x11-server-1.20.4-19.el7_9.src.rpm

ppc64:  
xorg-x11-server-Xephyr-1.20.4-19.el7_9.ppc64.rpm  
xorg-x11-server-Xorg-1.20.4-19.el7_9.ppc64.rpm  
xorg-x11-server-common-1.20.4-19.el7_9.ppc64.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.ppc64.rpm

ppc64le:  
xorg-x11-server-Xephyr-1.20.4-19.el7_9.ppc64le.rpm  
xorg-x11-server-Xorg-1.20.4-19.el7_9.ppc64le.rpm  
xorg-x11-server-common-1.20.4-19.el7_9.ppc64le.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.ppc64le.rpm

s390x:  
xorg-x11-server-Xephyr-1.20.4-19.el7_9.s390x.rpm  
xorg-x11-server-common-1.20.4-19.el7_9.s390x.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.s390x.rpm

x86_64:  
xorg-x11-server-Xephyr-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:  
xorg-x11-server-source-1.20.4-19.el7_9.noarch.rpm

ppc64:  
xorg-x11-server-Xdmx-1.20.4-19.el7_9.ppc64.rpm  
xorg-x11-server-Xnest-1.20.4-19.el7_9.ppc64.rpm  
xorg-x11-server-Xvfb-1.20.4-19.el7_9.ppc64.rpm  
xorg-x11-server-Xwayland-1.20.4-19.el7_9.ppc64.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.ppc.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.ppc64.rpm  
xorg-x11-server-devel-1.20.4-19.el7_9.ppc.rpm  
xorg-x11-server-devel-1.20.4-19.el7_9.ppc64.rpm

ppc64le:  
xorg-x11-server-Xdmx-1.20.4-19.el7_9.ppc64le.rpm  
xorg-x11-server-Xnest-1.20.4-19.el7_9.ppc64le.rpm  
xorg-x11-server-Xvfb-1.20.4-19.el7_9.ppc64le.rpm  
xorg-x11-server-Xwayland-1.20.4-19.el7_9.ppc64le.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.ppc64le.rpm  
xorg-x11-server-devel-1.20.4-19.el7_9.ppc64le.rpm

s390x:  
xorg-x11-server-Xdmx-1.20.4-19.el7_9.s390x.rpm  
xorg-x11-server-Xnest-1.20.4-19.el7_9.s390x.rpm  
xorg-x11-server-Xvfb-1.20.4-19.el7_9.s390x.rpm  
xorg-x11-server-Xwayland-1.20.4-19.el7_9.s390x.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.s390x.rpm

x86_64:  
xorg-x11-server-Xdmx-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-19.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-19.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
xorg-x11-server-1.20.4-19.el7_9.src.rpm

x86_64:  
xorg-x11-server-Xephyr-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xorg-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-common-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
xorg-x11-server-source-1.20.4-19.el7_9.noarch.rpm

x86_64:  
xorg-x11-server-Xdmx-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xnest-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xvfb-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-Xwayland-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.i686.rpm  
xorg-x11-server-debuginfo-1.20.4-19.el7_9.x86_64.rpm  
xorg-x11-server-devel-1.20.4-19.el7_9.i686.rpm  
xorg-x11-server-devel-1.20.4-19.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3550  
https://access.redhat.com/security/cve/CVE-2022-3551  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3TdztzjgjWX9erEAQh7EQ//e2uR00MH8rSXUcWWCH5uXJiuMY9TDdpG  
O+7zT+8hTue1bxulTSoGm3H+sgFg0QtGCWzwc5/mXkJyKIVWFiMP+IqmoX53Cl3g  
E/Iay8Q3iubcCgR2HAPD4vu4ZzzeIBVUe0RHoTdhiqs2Au8raKdoWsU1ZeE65lD9  
mc/GNwzugMyyqKDCRbxh4GpqwYU/P9bQEBaVZq8Jz8eRc6UdGPmd7V+P9E7VuyGd  
AERmfuKUb70tdSToAWUKBNjQnfgPHP3fC10xFEqm9nhyswxrQEH+eYF2rkp0TfyT  
y9C/KF98hiiNy46i9pS8QV/tkAVaDwOgFcZ1GnOk+AsfWCrqbmU/9HzEznmY5An7  
v4v+ObIRiJMJdEiDMtT1oCKWPWmIdGF57I1a/xnDHT6441gmsOX/ZzcBnBChoUvZ  
37aw70WN6sWZUFWWX+QJTGOqiWlbExbak9MiNRZ6bAYwt537o7Y6yDra7+K3YB/A  
P3whL4wsG5Rge/XjVv110kijTGpj3v5wOYmVbsy80a/d/vvBJGQ/UJb1fEA8Hwdc  
u9NudLg5aKOEbADe/EGRWPNm7JGG2x/st23XfMZQjNR6I1oitHNTaVee+8bJHiV+  
kf71vnnq9wDVm3fvK0fEW4MtJCSl3VWtxJXSgCrCAtJ0vtSBD4ZRl0RUipT2XuNL  
LMV4KibkhLM=h54m  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8491-01

Red Hat Security Advisory 2022-8492-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2022-8492-01

Debian Linux Security Advisory 5281-1 - It was discovered that parsing errors in the mp4 module of Nginx, a high-performance web and reverse proxy server, could result in denial of service, memory disclosure or potentially the execution of arbitrary code when processing a malformed mp4 file.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5281-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 15, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : nginxCVE ID         : CVE-2022-41741 CVE-2022-41742It was discovered that parsing errors in the mp4 module of Nginx, ahigh-performance web and reverse proxy server, could result in denialof service, memory disclosure or potentially the execution of arbitrarycode when processing a malformed mp4 file.This module is only enabled in the nginx-extras binary package.For the stable distribution (bullseye), these problems have been fixed inversion 1.18.0-6.1+deb11u3.We recommend that you upgrade your nginx packages.For the detailed security status of nginx please refer toits security tracker page at:https://security-tracker.debian.org/tracker/nginxFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNz9JcACgkQEMKTtsN8Tjb4tg/7BRkAkF48UvvRjLolxVVuV1paSTRG8ArEeW3fHyA0fxs2UMuRL4ic1vqci3wxAAfHvYoOnk+QBY20Ly2MN7S7OukNovKE9AZCPulyYkVjtIWNSBeY0PzCU60yRP/KCZAGoGEYi6s4SUrK194ved+7jIcybgLvvGA8FRKW3wTRvzRGMfR6NTLuP7B3th0C5+KkapE8G5XlHWOIjv1h3Ok40cua7LtYx9RTITJ+wClvkJ6gPcCXXj/CnWWaPUvuEBwyr0PEBXfL9v1P8Eq1MmN+mWU9KeLYxIC+vcJxtpsYL67tMHIGTlDUgDVEFrXrDXi7XP/6hjl7t/J/cTPEwy/twX0emUQcUDlRNlOxh3skSmdPJP7DMu+t9UtQsuepgZ+oHfHh3gs9EWz2zRqbsVO03NjhKo9ebIjhe3H0P39cX3NN5qlSJeNTY45kVBDecnPQnhYqYuzqwXy5ZoUQDcU0Bo7zaUzeYhUsfXqrROV/tj+UTMrM2anHdQ4BkAOrCBpmGP1lLvDs2PzBcWmBtII/5VTKZep05xH0L+dZWDV07j1ekCzv3/kuKiMlGTJQ7yl3fgKjLdkjMFKQIfsm3xdYwzxjOmtEY86tUV0LjtdR2GlJtF4YdIQhA4b1/R82ZisLfmZ4ElL+ua8iypLOe9reyO4EpVVDkeewFS64Ye1Wn3k=3mDY-----END PGP SIGNATURE-----

Debian Security Advisory 5281-1

Debian Linux Security Advisory 5280-1 - Several issues were found in GRUB2's font handling code, which could result in crashes and potentially execution of arbitrary code. These could lead to by-pass of UEFI Secure Boot on affected systems.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5280-1                   security@debian.orghttps://www.debian.org/security/                           Steve McIntyreNovember 15, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : grub2CVE ID         : CVE-2022-2601 CVE-2022-3775Several issues were found in GRUB2's font handling code, which couldresult in crashes and potentially execution of arbitrary code. Thesecould lead to by-pass of UEFI Secure Boot on affected systems.Further, issues were found in image loading that could potentiallylead to memory overflows.For the stable distribution (bullseye), these problems have been fixed inversion 2.06-3~deb11u4.We recommend that you upgrade your grub2 packages.For the detailed security status of grub2 please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/grub2Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNz7UlfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0QAChAAgkTxbFH4Hn0B++K8FgZRI3fw9pacWN+qYOqTOLyUFPzOW3oX3VZEkXr/1jQ+pzuylet+aFZDLOyH3y5+sOpt4I5IRCn1INYP8ESXK1m+u68aEo1V5jO+la7I0L5ZlIjc7c2IJXO6ZRHnOmJxwcZ9bje4vawfa7rT8k4dlSXoICAg2P70VYnqKljZRdZv+5pNmr4120Fts2tnolI83Rvc/gfP1ru+PWo8Tf0QDihP1pELlpMUtf8Wz0hkpRGuzfVAEN16517Ssasg1rKRa+SSEKnuHXtrUOpDsVNqQwVGac+kOXMUKW08azukTLlUaWp9MZBiVIXUJnJ8dYWf3ZaO9w5rUPwE8f+urMmj5w+z+v6TuMgE8IGcNr77S7Dx142gb9Xp1nVoXqu/1Fgk/7JbErbrDUBMIHDoLmsreNrr0r/o/6BfCu/yvMY5da9VXsD69E8W1V0lJ/UOL38GXW571osReLp7CEWSQf4jxwGRlLyqBkJfVL7+rMDjHL9WPSxLKfW3/9VygQwblRt6tzfzwruToXZLr4A5QCs86ncBFviX7IZpALi56MV+QQwRXXYp9Y2dL8ZIphZ95oli6jHHqhgQlsnUZqge0JIfrsRmJrLXD1jl4RNL+UzirFbI8wO/Mz3udB9HOmt5JEizWW7JFJfY8h+U1G3+ML2drhAiSgU=yxcT-----END PGP SIGNATURE-----

Debian Security Advisory 5280-1

Red Hat Security Advisory 2022-8207-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Low: openjpeg2 security update  
Advisory ID:       RHSA-2022:8207-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8207  
Issue date:        2022-11-15  
CVE Names:         CVE-2022-1122  
====================================================================  
1. Summary:

An update for openjpeg2 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

OpenJPEG is an open source library for reading and writing image files in  
JPEG2000 format.

Security Fix(es):

* openjpeg: segmentation fault in opj2_decompress due to uninitialized  
pointer (CVE-2022-1122)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 9.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2067052 - CVE-2022-1122 openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
openjpeg2-2.4.0-7.el9.src.rpm

aarch64:  
openjpeg2-2.4.0-7.el9.aarch64.rpm  
openjpeg2-debuginfo-2.4.0-7.el9.aarch64.rpm  
openjpeg2-debugsource-2.4.0-7.el9.aarch64.rpm  
openjpeg2-tools-debuginfo-2.4.0-7.el9.aarch64.rpm

ppc64le:  
openjpeg2-2.4.0-7.el9.ppc64le.rpm  
openjpeg2-debuginfo-2.4.0-7.el9.ppc64le.rpm  
openjpeg2-debugsource-2.4.0-7.el9.ppc64le.rpm  
openjpeg2-tools-debuginfo-2.4.0-7.el9.ppc64le.rpm

s390x:  
openjpeg2-2.4.0-7.el9.s390x.rpm  
openjpeg2-debuginfo-2.4.0-7.el9.s390x.rpm  
openjpeg2-debugsource-2.4.0-7.el9.s390x.rpm  
openjpeg2-tools-debuginfo-2.4.0-7.el9.s390x.rpm

x86_64:  
openjpeg2-2.4.0-7.el9.i686.rpm  
openjpeg2-2.4.0-7.el9.x86_64.rpm  
openjpeg2-debuginfo-2.4.0-7.el9.i686.rpm  
openjpeg2-debuginfo-2.4.0-7.el9.x86_64.rpm  
openjpeg2-debugsource-2.4.0-7.el9.i686.rpm  
openjpeg2-debugsource-2.4.0-7.el9.x86_64.rpm  
openjpeg2-tools-debuginfo-2.4.0-7.el9.i686.rpm  
openjpeg2-tools-debuginfo-2.4.0-7.el9.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
openjpeg2-debuginfo-2.4.0-7.el9.aarch64.rpm  
openjpeg2-debugsource-2.4.0-7.el9.aarch64.rpm  
openjpeg2-devel-2.4.0-7.el9.aarch64.rpm  
openjpeg2-tools-2.4.0-7.el9.aarch64.rpm  
openjpeg2-tools-debuginfo-2.4.0-7.el9.aarch64.rpm

ppc64le:  
openjpeg2-debuginfo-2.4.0-7.el9.ppc64le.rpm  
openjpeg2-debugsource-2.4.0-7.el9.ppc64le.rpm  
openjpeg2-devel-2.4.0-7.el9.ppc64le.rpm  
openjpeg2-tools-2.4.0-7.el9.ppc64le.rpm  
openjpeg2-tools-debuginfo-2.4.0-7.el9.ppc64le.rpm

s390x:  
openjpeg2-debuginfo-2.4.0-7.el9.s390x.rpm  
openjpeg2-debugsource-2.4.0-7.el9.s390x.rpm  
openjpeg2-devel-2.4.0-7.el9.s390x.rpm  
openjpeg2-tools-2.4.0-7.el9.s390x.rpm  
openjpeg2-tools-debuginfo-2.4.0-7.el9.s390x.rpm

x86_64:  
openjpeg2-debuginfo-2.4.0-7.el9.i686.rpm  
openjpeg2-debuginfo-2.4.0-7.el9.x86_64.rpm  
openjpeg2-debugsource-2.4.0-7.el9.i686.rpm  
openjpeg2-debugsource-2.4.0-7.el9.x86_64.rpm  
openjpeg2-devel-2.4.0-7.el9.i686.rpm  
openjpeg2-devel-2.4.0-7.el9.x86_64.rpm  
openjpeg2-tools-2.4.0-7.el9.i686.rpm  
openjpeg2-tools-2.4.0-7.el9.x86_64.rpm  
openjpeg2-tools-debuginfo-2.4.0-7.el9.i686.rpm  
openjpeg2-tools-debuginfo-2.4.0-7.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1122  
https://access.redhat.com/security/updates/classification/#low  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3PhFdzjgjWX9erEAQgS1Q/9EQDOF4ZawRGe05n43/uEPJi5FJfO0gHE  
6Bf8P9zQPJG0xzs3ZeCJ2HrX8WaN/6VX+N1/Cz0lzO3IVd8biwggdZ2S7EjL8+VT  
cpM2O5EqYS7ScLGnxurEjPXd1D8kcJC6aanu1a5ztiK6tXp693XVtb9EYBRUDtRg  
dgY6qU3xdM5JDwdfXqFeZoHd2/Aaf0DVTLlGyOgSF1NF/whoC60lLPRC9xKRAT8n  
XObHjEm7HyMGrIUPaoSIbzG1pHEjHMT2HyNKXnthzaBSOUaTjtATLSyi9uMvjOpn  
LyyElibSatxRw6YV0k//cprLhvIeRIBk34KGd5uyZEC4BPaeY4I6bmtw1www1zcr  
5DSvjuJP0ZmBEfjY018ibfHbiG+DKafwiTRjxQFz1F2Gn9ug7CVoDd2xTsDF8irq  
APo8aIVQXZFtQ7szURxDUuHEuG7FhylN4NyKvwv9gbqti7hGO7rL9Tzx4eb3Azmg  
CClV4fO7DjWrkmPguyE/Y9Y9u2M/tfCKFzeIfoJ4ykb3QZoqs6eHa+0jX89Dq1AT  
1i0sEREsAcPDN/soUkZ5RnrD82xagCzFEHyukOM78g9LzWgZoU143bIFMfV9Cuz2  
J+dBXf67ygMFbc7F+n8DuEoL2tNzVjkvl9ig9ykrkkkkSnb3kTxp1Zk6QzNhmRP9  
kgngEo/g17c=wQvP  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8207-01

Red Hat Security Advisory 2022-8291-01 - The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Issues addressed include a buffer over-read vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: rsync security and bug fix update  
Advisory ID:       RHSA-2022:8291-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8291  
Issue date:        2022-11-15  
CVE Names:         CVE-2022-37434  
====================================================================  
1. Summary:

An update for rsync is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - noarch  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The rsync utility enables the users to copy and synchronize files locally  
or across a network. Synchronization with rsync is fast because rsync only  
sends the differences in files over the network instead of sending whole  
files. The rsync utility is also used as a mirroring tool.

Security Fix(es):

* zlib: heap-based buffer over-read and overflow in inflate() in inflate.c  
via a large gzip header extra field (CVE-2022-37434)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 9.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2053198 - rsync segmentation fault  
2077431 - Read-only files that have changed xattrs fail to allow xattr changes [rhel-9]  
2081296 - Enable fmf tests in centos stream  
2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

noarch:  
rsync-daemon-3.2.3-18.el9.noarch.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
rsync-3.2.3-18.el9.src.rpm

aarch64:  
rsync-3.2.3-18.el9.aarch64.rpm  
rsync-debuginfo-3.2.3-18.el9.aarch64.rpm  
rsync-debugsource-3.2.3-18.el9.aarch64.rpm

ppc64le:  
rsync-3.2.3-18.el9.ppc64le.rpm  
rsync-debuginfo-3.2.3-18.el9.ppc64le.rpm  
rsync-debugsource-3.2.3-18.el9.ppc64le.rpm

s390x:  
rsync-3.2.3-18.el9.s390x.rpm  
rsync-debuginfo-3.2.3-18.el9.s390x.rpm  
rsync-debugsource-3.2.3-18.el9.s390x.rpm

x86_64:  
rsync-3.2.3-18.el9.x86_64.rpm  
rsync-debuginfo-3.2.3-18.el9.x86_64.rpm  
rsync-debugsource-3.2.3-18.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-37434  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3Pg19zjgjWX9erEAQgpRQ/7Bj65nEV0SOIx0sJi2b1JhwxkdT89C2mS  
Xrj2gh3HU92CQpiJZuvDydU3zLbq7OABNznifdKVPsJ+Zth+N4Vrssqzuqb5ztue  
C4stYAdqzZ/quoI5Ou1VTiYBRkoU8EV2YnfXlclgYf4Zgsswr4MqlWXf9aRS90vN  
/Xz8YaI51hejuSVBjoQA97PyYs+uPQfY1s/HSS/kzZm3jyWr0Akx4BdN1XMgKbe0  
K40sip6tee9GvNHXwZ/sLZFs8q/u/7ZzQDfUM0zyYPWCVyIsWixADR8biF2NHRq0  
SeGSoyw7sycPr+S3eIQ0+VNw001n4Gvpj+sHYOzJhNrtUW6989PMM6Z+poM1xNl0  
Nib5PFqZZcOzyH9N4Hzy4OBcYOkdCUXm6c+K+GN1gPPxloq07FSFihEltlDIuufy  
eWzVRR53mjrLwOEn3GnWidgJ+znuAKxyZws8PlGctbKg/2y0PRoDJry9s9HiSWDJ  
5y//A1m/mOnkoDOU32rW5lu3XceApph8MlBVqB03qjpj8HCBHvOKiZf8AMJQ5SoH  
pDLoR4gzEk2xmei0QtlRXhWxtjgeTNUuoTJyMqxgvHoaEWabpjJxNGrd4y7vDbM/  
PsXooDGL02mBzthJZ19mZfVZjzd4lNhq7CLsXgq7MpDB9dq4tQP3EJXoUwrmeflT  
f1EaczpMC/0=Q58l  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8291-01

Red Hat Security Advisory 2022-8250-01 - The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: grafana-pcp security update  
Advisory ID:       RHSA-2022:8250-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8250  
Issue date:        2022-11-15  
CVE Names:         CVE-2022-1705 CVE-2022-30630 CVE-2022-30631  
                   CVE-2022-30632 CVE-2022-30635 CVE-2022-32148  
====================================================================  
1. Summary:

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Grafana plugin for Performance Co-Pilot includes datasources for  
scalable time series from pmseries and Redis, live PCP metrics and bpftrace  
scripts from pmdabpftrace, as well as several dashboards.

Security Fix(es):

* golang: net/http: improper sanitization of Transfer-Encoding header  
(CVE-2022-1705)

* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

* golang: net/http/httputil: NewSingleHostReverseProxy - omit  
X-Forwarded-For not working (CVE-2022-32148)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 9.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read  
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob  
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header  
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working  
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob  
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
grafana-pcp-3.2.0-3.el9.src.rpm

aarch64:  
grafana-pcp-3.2.0-3.el9.aarch64.rpm  
grafana-pcp-debuginfo-3.2.0-3.el9.aarch64.rpm

ppc64le:  
grafana-pcp-3.2.0-3.el9.ppc64le.rpm  
grafana-pcp-debuginfo-3.2.0-3.el9.ppc64le.rpm

s390x:  
grafana-pcp-3.2.0-3.el9.s390x.rpm  
grafana-pcp-debuginfo-3.2.0-3.el9.s390x.rpm

x86_64:  
grafana-pcp-3.2.0-3.el9.x86_64.rpm  
grafana-pcp-debuginfo-3.2.0-3.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1705  
https://access.redhat.com/security/cve/CVE-2022-30630  
https://access.redhat.com/security/cve/CVE-2022-30631  
https://access.redhat.com/security/cve/CVE-2022-30632  
https://access.redhat.com/security/cve/CVE-2022-30635  
https://access.redhat.com/security/cve/CVE-2022-32148  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3PhCtzjgjWX9erEAQhTyA/9EsqUnLA8IJYSoNbATHuTMhjUic22R9Ft  
3EDlu0a+wIRqt3K3gQFe6VLPECalVCiRjG3cvq/asbvaeVlvkVMJZPDt4OMTzoDp  
gVQVPN2s9rndC5p7la/VpWy/weD/E1bOLXG9XfCXP8xr2Mf8iWuOYTLcmqI61+ov  
CnDzqjVCCgxNLm1iiyE3/GyExnnqfP80a160J5B3PgW9dMotsiIYSVyXPbodawz0  
GXY7mnDvkqlzTDbuVLO94ZXxeq9oxrIYguFynE3Pgtj2VNfq395zcvb8mhvLaS45  
L5EXoy6q8RsG1FW7nToJnHVuLJ6Yiogy5vyCm/l2Ty8kGQYk1LaLNkJGccFul5to  
lWCRDsdN6+ixEZODkOHtXogEV9Yc/j7AMJMGDHILyA+hLsFokVGlXevDv5ODrsIi  
Vw23lsjKlUIwdeYyjqYwuX9/dQcah1DwtaRIAjgFhgRcc1zZRv3Bp+ffgA+FYTOZ  
tWIlqDQ3SfziiisQwPlR0l/1/G13Ty0rmSi2NJ9xdrIScl/ur1Eoj3VX2xC7E9Xl  
PT7hnsAta+iEVPtYNXLu5aKs9FrrbYAf5BRpMgmtQ/wglsOJuxtUq4y3aMc7NY4M  
2mII8VQqln24SIuqBiydt/S6MSgdUkBB/FxXwrpPBprjhlta5ydB5JXiysvvRWpq  
2Y4NKM59pYM=+Zub  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8250-01

Red Hat Security Advisory 2022-8393-01 - The logrotate utility simplifies the administration of multiple log files by allowing their automatic rotation, compression, removal, and mailing. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: logrotate security update  
Advisory ID:       RHSA-2022:8393-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8393  
Issue date:        2022-11-15  
CVE Names:         CVE-2022-1348  
====================================================================  
1. Summary:

An update for logrotate is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The logrotate utility simplifies the administration of multiple log files  
by allowing their automatic rotation, compression, removal, and mailing.

Security Fix(es):

* logrotate: potential DoS from unprivileged users via the state file  
(CVE-2022-1348)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 9.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2075074 - CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
logrotate-3.18.0-7.el9.src.rpm

aarch64:  
logrotate-3.18.0-7.el9.aarch64.rpm  
logrotate-debuginfo-3.18.0-7.el9.aarch64.rpm  
logrotate-debugsource-3.18.0-7.el9.aarch64.rpm

ppc64le:  
logrotate-3.18.0-7.el9.ppc64le.rpm  
logrotate-debuginfo-3.18.0-7.el9.ppc64le.rpm  
logrotate-debugsource-3.18.0-7.el9.ppc64le.rpm

s390x:  
logrotate-3.18.0-7.el9.s390x.rpm  
logrotate-debuginfo-3.18.0-7.el9.s390x.rpm  
logrotate-debugsource-3.18.0-7.el9.s390x.rpm

x86_64:  
logrotate-3.18.0-7.el9.x86_64.rpm  
logrotate-debuginfo-3.18.0-7.el9.x86_64.rpm  
logrotate-debugsource-3.18.0-7.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1348  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3PgwtzjgjWX9erEAQgPmg//XDihBmjNzDGuBNxDN3mZYrK3THeevs/u  
ii9c+qJK83fFK+dagldHlyZOtR12qWRtBjrw91E9I5zIVTgzkcFv8hu/8v8p9Ocr  
WlHTRzE2Kblai9pXRr49km3GL9thG7KTYNDT/BwV09jqYqVJsrly1AHf96rvHIUp  
uyL3Be+PMO6Q18KwvpBd3m3BaaJOhhi8NHZHIF/FhIqdPfLnxRMSJP7dOAnycZAH  
6wNV8XqtHt332/PQoZSUmg9Y1NmcCeQlbIVgCn6z4G5qP8EXTSMCr21ZoP3UuWv8  
HjGjGg+B/5AU4Wj9wzjm3R/ruITxJLQtN0tew7h9tBiVsRj0j6xaD5BZg25DbSV4  
fDPGLTyDFWPk6TJhW0SQ5/Ohc11XgiwGF7sTwMeig+1DXuWr9qFfxwYiW3zQtEpi  
Ko7C+s0Yrv35jfZMRLIz1w+3Iu35Zg93+ZHCbtbWoJZ4pKYR9H4JB9dhGuijhN/x  
4G0zgpNppzUoVkeVT3heLpBLNDck0T3sfYqEdw+CEMgLfwMmxlAas49JVGQO8Alo  
3H/dwSXUepnwYm1TiBSTZR4u9FB7280VjMN8oKsFFNX16FWhmi09X+NLnvyCRIUp  
tdN3Z1Uqr5lNlJ6QdQ+ZWCvmLHHYnBRHBFlJE/A7fqjlNJ3z3eeumulif9Py6xHu  
JfZ7LQO99Lc=8Hyc  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8393-01

Red Hat Security Advisory 2022-8222-01 - Xwayland is an X server for running X clients under Wayland. Issues addressed include an out of bounds access vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: xorg-x11-server-Xwayland security update  
Advisory ID:       RHSA-2022:8222-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8222  
Issue date:        2022-11-15  
CVE Names:         CVE-2022-2319 CVE-2022-2320  
====================================================================  
1. Summary:

An update for xorg-x11-server-Xwayland is now available for Red Hat  
Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Xwayland is an X server for running X clients under Wayland.

Security Fix(es):

* xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access  
(CVE-2022-2319)

* xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request  
handler of the Xkb extension (CVE-2022-2320)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 9.1 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2106671 - CVE-2022-2319 xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access  
2106683 - CVE-2022-2320 xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
xorg-x11-server-Xwayland-21.1.3-3.el9.src.rpm

aarch64:  
xorg-x11-server-Xwayland-21.1.3-3.el9.aarch64.rpm  
xorg-x11-server-Xwayland-debuginfo-21.1.3-3.el9.aarch64.rpm  
xorg-x11-server-Xwayland-debugsource-21.1.3-3.el9.aarch64.rpm

ppc64le:  
xorg-x11-server-Xwayland-21.1.3-3.el9.ppc64le.rpm  
xorg-x11-server-Xwayland-debuginfo-21.1.3-3.el9.ppc64le.rpm  
xorg-x11-server-Xwayland-debugsource-21.1.3-3.el9.ppc64le.rpm

s390x:  
xorg-x11-server-Xwayland-21.1.3-3.el9.s390x.rpm  
xorg-x11-server-Xwayland-debuginfo-21.1.3-3.el9.s390x.rpm  
xorg-x11-server-Xwayland-debugsource-21.1.3-3.el9.s390x.rpm

x86_64:  
xorg-x11-server-Xwayland-21.1.3-3.el9.x86_64.rpm  
xorg-x11-server-Xwayland-debuginfo-21.1.3-3.el9.x86_64.rpm  
xorg-x11-server-Xwayland-debugsource-21.1.3-3.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2319  
https://access.redhat.com/security/cve/CVE-2022-2320  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3PhD9zjgjWX9erEAQitZw/+KlpRlLmptWTwYIz/vpOH+9HYMcD0MPRp  
t1J6oEQ35erbVIn1CAi6A+krzvEClGK0a+QT7YKM17fqzQoAEDmG0AlgvBaXiVm0  
wbCJdN+YJZE5WujeW+zoX2XiyVR1pRJWJm2NCsM38u9OX4UctXQXwee1b8MU4pq0  
uuEfXOOBZTuB8dMRew6/INJd1SiBw5Be9Py21akSmeCWFopg+d6fDGomEpQS4rtS  
3dPS1+FQde5jFm+UOt5T55D+5mTkbS6SRL3A3dAT4j7TwWBbChdvYVpOkF3co7XA  
l8m25WSH8TyK8JeHqJY1AdRuS2DGJY1OcByMdgtUDZk9E2Ea/jvn8fTHe8j8lWQZ  
d0yL6JrjIn/hU7OUqN4GoOfwbqryzH/6bcaBs8xrI/OeW7aRp+sRMc3b7L+1FY28  
3e22guV8EbU5fMEMfW1CTiMSXL0bJl/TDktUrlwiqkS3AknyTGE5BE5U8VHn9t/j  
hlm2LOZs5kQ3ouE04fPw94wbdewaqXw6tjimItq12IG6cZeFE5WsCOEWvvMmT9IE  
cThImEMfXyvTDetTsL83SQv1AfosNLsXP1K3EoGOqycOqw/1bXtm7srrcHY04zBM  
iZn0WvsMfkm3wgH+2MMp//m9GQt9KB4VbcTt5NPARWt6yphYSZwvTVvA/0iU5TXw  
sFJPfxo55X4”jz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux