Red Hat Security Advisory 2022-7025-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:7025-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7025  
Issue date:        2022-10-18  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.3.0 ESR.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
firefox-102.3.0-7.el8_4.src.rpm

aarch64:  
firefox-102.3.0-7.el8_4.aarch64.rpm  
firefox-debuginfo-102.3.0-7.el8_4.aarch64.rpm  
firefox-debugsource-102.3.0-7.el8_4.aarch64.rpm

ppc64le:  
firefox-102.3.0-7.el8_4.ppc64le.rpm  
firefox-debuginfo-102.3.0-7.el8_4.ppc64le.rpm  
firefox-debugsource-102.3.0-7.el8_4.ppc64le.rpm

s390x:  
firefox-102.3.0-7.el8_4.s390x.rpm  
firefox-debuginfo-102.3.0-7.el8_4.s390x.rpm  
firefox-debugsource-102.3.0-7.el8_4.s390x.rpm

x86_64:  
firefox-102.3.0-7.el8_4.x86_64.rpm  
firefox-debuginfo-102.3.0-7.el8_4.x86_64.rpm  
firefox-debugsource-102.3.0-7.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY08S+dzjgjWX9erEAQipew//UlWP9hP/R6CrPFw3d4ezHCdcFh0OBHdR  
nclyeQGVo1iMbcB5Dpxh2HMLx9PeNv1HHIXTJa9dqB2lWS/3BSMV309m19r07k6D  
JoFJWkz+4DlYwtRG2ePGPfAwUVZrwUy6hV82QEeABThteb8/HYYGEa9pUb85ZhZD  
faSdkGrj4inqbUN1LRE3c4nKiK/eYLLngMQj9FwrvwrrIRvBYR5cy/tWPSWeyj/k  
lvFeBGvu3l3f6WXZoo81a0a16i+6IwZj7ACqzmsqyFSJleiQeSdeKVOlKETtzhe9  
dp1m6tObbrW+bao16TlgBQhjnC0tWDVjkuiGDUM3siFXJ7pCY2L6jXNJgvTp/2b4  
NiN398N+idmd6Rc9GNhY07Od+KzcutdNkSJInFfumMxco/pCE1c8VN3UvvSfh8dA  
KUXUL+MIiWjLF5N4jwgFyj9Y+XNwaGiAfUPpvy2RhA5v61s3w0mvO2oO1R/9zs1V  
XICgntd0clJCSvYSiDutyl/SI4boHnRHE+9skOg/Vk1Xx0+02usXgNmXNSxZ4h7m  
lSnmz1Tt5n4dd8jiG32cuoJ1LxeNS+Oq3mKhR2aiUXbUbFcRYCxsfTfdCV3N0lPO  
nsJuhpygIwTmGGseWOKbg+1Hv48lSxXz3UeB0FmQuK8FVWe4lAxT9IdO8jQHg2bQ  
dO8eslyomU0=KlPZ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7025-01

Ubuntu Security Notice 5687-1 - It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

    ==========================================================================Ubuntu Security Notice USN-5687-1October 18, 2022linux-azure-4.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systemsDetails:It was discovered that the SUNRPC RDMA protocol implementation in the Linuxkernel did not properly calculate the header size of a RPC message payload.A local attacker could use this to expose sensitive information (kernelmemory). (CVE-2022-0812)Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementationin the Linux kernel did not provide sufficient randomization whencalculating port offsets. An attacker could possibly use this to exposesensitive information. (CVE-2022-1012, CVE-2022-32296)Duoming Zhou discovered that race conditions existed in the timer handlingimplementation of the Linux kernel's Rose X.25 protocol layer, resulting inuse-after-free vulnerabilities. A local attacker could use this to cause adenial of service (system crash). (CVE-2022-2318)Roger Pau Monné discovered that the Xen virtual block driver in the Linuxkernel did not properly initialize memory pages to be used for sharedcommunication with the backend. A local attacker could use this to exposesensitive information (guest kernel memory). (CVE-2022-26365)Roger Pau Monné discovered that the Xen paravirtualization frontend in theLinux kernel did not properly initialize memory pages to be used for sharedcommunication with the backend. A local attacker could use this to exposesensitive information (guest kernel memory). (CVE-2022-33740)It was discovered that the Xen paravirtualization frontend in the Linuxkernel incorrectly shared unrelated data when communicating with certainbackends. A local attacker could use this to cause a denial of service(guest crash) or expose sensitive information (guest kernel memory).(CVE-2022-33741, CVE-2022-33742)Oleksandr Tyshchenko discovered that the Xen paravirtualization platform inthe Linux kernel on ARM platforms contained a race condition in certainsituations. An attacker in a guest VM could use this to cause a denial ofservice in the host OS. (CVE-2022-33744)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS:   linux-image-4.15.0-1153-azure   4.15.0-1153.168   linux-image-azure-lts-18.04     4.15.0.1153.123After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-5687-1   CVE-2022-0812, CVE-2022-1012, CVE-2022-2318, CVE-2022-26365,   CVE-2022-32296, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742,   CVE-2022-33744Package Information:   https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1153.168

Ubuntu Security Notice USN-5687-1

Red Hat Security Advisory 2022-6996-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:6996-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6996  
Issue date:        2022-10-18  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.3.0.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:  
thunderbird-102.3.0-4.el8_2.src.rpm

aarch64:  
thunderbird-102.3.0-4.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.3.0-4.el8_2.aarch64.rpm  
thunderbird-debugsource-102.3.0-4.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.3.0-4.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.3.0-4.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.3.0-4.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.3.0-4.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.3.0-4.el8_2.x86_64.rpm  
thunderbird-debugsource-102.3.0-4.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY0726NzjgjWX9erEAQgpfA//f48rKxKYKdrBQsmf8rUcMLus9CQZ4anB  
+LxQL31ga0vsmB8gaeQVrau6wuRDiQ8vgL4AfCWt2gZbrfmtTXDKThLctsP6xap8  
nLad5FmbzpCGoRVDMA0TvPlVvtugahptyrxvz5QlAVbzi9Q/8jy/0dzienG2gUq5  
pv8fq/uEbNp2XA8smq4CE9HvyKFUMaUSv7QazkxKUHpjmDVK3cw8CTShJNBrjQxC  
+XoL/2zy2wBqcu5JjKt5lu5mjZUSm7l51spuDUaCn6iw8dtM31wteUZz+HiNCPzP  
hfToni9LLHVRZd8mlAfl0/94W6g2YkChJ8WDdVb1Q67oEssluAHegbfsuHbZlacu  
v8n9sv78BpLpQj/WlizePI7cCSo0RXhGjE65LcxQg2e9V1xw56FgmwIZgGK562Ao  
UXNocuOfanwaK12lwgTKvBv6Q6z+ogVCfn58GUIYxffIEX79XXXDr9Q5BeWDjROg  
tEl7umDPdD/ZxF9F9ihyQn+zt0caK4IBDueFchnRNteCWU0exylYhyuXt35X7caK  
MZ8MZVdkcNlVJ8aqKPko7x5R9vgtaszS3FfWw5jhlpUO9iaMm+z1/9xTGgp9Rme/  
Kx3VjmhgGQAXve4aGguhtxe9n5IdcUsoxNI5CKZAHlBytX76XFZqo/FDbPNqCSfQ  
vtHSdLH7uKw=pNcp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6996-01

Red Hat Security Advisory 2022-6998-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:6998-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6998  
Issue date:        2022-10-18  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.3.0.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
thunderbird-102.3.0-4.el7_9.src.rpm

x86_64:  
thunderbird-102.3.0-4.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.3.0-4.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
thunderbird-102.3.0-4.el7_9.src.rpm

ppc64le:  
thunderbird-102.3.0-4.el7_9.ppc64le.rpm  
thunderbird-debuginfo-102.3.0-4.el7_9.ppc64le.rpm

x86_64:  
thunderbird-102.3.0-4.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.3.0-4.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
thunderbird-102.3.0-4.el7_9.src.rpm

x86_64:  
thunderbird-102.3.0-4.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.3.0-4.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY06+p9zjgjWX9erEAQigtQ//cH68WPxCYRmUIe+fZWKQ1sot2GdHFVk3  
nBZTDZsRuoJn/civRUizCcdFTLBWk/CJyiiesdmHj0hrz+xwt2ARm4zvCR8Y0JJa  
2FPIQkd/nhycZ8ElMy6U/Yj5cgUb70t36geMpRicg89mmDW0APab1IY/TtO5rXA8  
GAHuiG9XbPp8JyPYAMz74gbHfSVtsK4hcZxTZE837ik3H8S2Y4HUSkP8az1qcZYZ  
zXBBBbfPlw8KJ7PSWDOZQd3gXwwfhAR13bHOjQYucC26IpJgSYEiuI2OMO94K33j  
YsKsH3aTiWZPuKOFsqZ50huJuxwP9VWMF/1Hcm+FGGVjP+Ya2rUz2IJFT/2Cwq1n  
dVgQeFwIqAlaXj3tLYmVh3iRWacM3+5IqbWXSUvWbkrTTfUYJsJVSVn8WQmTT8JO  
edB+wDPff+DfEWrBzNWARIvutldBOoS9JUV81i3ZVhig5GCAZ2V6eb7W4DxSGbsT  
xn1tJL4e4YUVFAljQ1+F7bxndMAvyQAbRoP9mIomQPUpT+2Seg1An5voq9eCiyEw  
zYP9JaI5mTDKumaTDEWVhIbwnWrd3+PCPOy2Tgqk6Dsi3MtcL2TabeOkZT/bEc04  
2dcCXuyoLC1zvC5K7tSb0YE3YLwOPvrgHqFUCZ59Ra/iI4JWopLKsUF3A6BAq1KG  
Ly2AgqeKk54=bu70  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6998-01

Red Hat Security Advisory 2022-6997-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:6997-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6997  
Issue date:        2022-10-18  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.3.0 ESR.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
firefox-102.3.0-7.el7_9.src.rpm

x86_64:  
firefox-102.3.0-7.el7_9.x86_64.rpm  
firefox-debuginfo-102.3.0-7.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
firefox-102.3.0-7.el7_9.i686.rpm  
firefox-debuginfo-102.3.0-7.el7_9.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
firefox-102.3.0-7.el7_9.src.rpm

ppc64:  
firefox-102.3.0-7.el7_9.ppc64.rpm  
firefox-debuginfo-102.3.0-7.el7_9.ppc64.rpm

ppc64le:  
firefox-102.3.0-7.el7_9.ppc64le.rpm  
firefox-debuginfo-102.3.0-7.el7_9.ppc64le.rpm

s390x:  
firefox-102.3.0-7.el7_9.s390x.rpm  
firefox-debuginfo-102.3.0-7.el7_9.s390x.rpm

x86_64:  
firefox-102.3.0-7.el7_9.x86_64.rpm  
firefox-debuginfo-102.3.0-7.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64:  
firefox-102.3.0-7.el7_9.i686.rpm  
firefox-debuginfo-102.3.0-7.el7_9.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
firefox-102.3.0-7.el7_9.src.rpm

x86_64:  
firefox-102.3.0-7.el7_9.x86_64.rpm  
firefox-debuginfo-102.3.0-7.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
firefox-102.3.0-7.el7_9.i686.rpm  
firefox-debuginfo-102.3.0-7.el7_9.i686.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY06+vdzjgjWX9erEAQhFjxAAkZy45G9NfH8pd+CpA9Gws/RDZL4u1W6b  
xNBOVtubCUG+OGEkosv91NpjNJUV3ru46QVVuzFnnErTd6kJUVeTRnGQTiWF3BTC  
NPZNEoz4uuut4BUSjKeDv8YKpQ2drLZ/XHyVmkZ/CSf/NDpjxJUvVReBGpOKKLVk  
ysi3b9/nGhcuWU5Rn/TmvjWz7FuE+NntIRvbGK9w1q2JbZskXdJjeAfzGFwE4Yqz  
NREdj5uGmJMIvB2NmoS9v6kFnYYdln+K9kxOL2BBHDcAHkcl+anseYLxvfdVTlxo  
AjG1ecrly0EaMk5yZXQuhoGGDwlYhNMHcAVgQkBImC73O2lNEp4KepaOX8NBIFuL  
wEZQeeh+gcKeP/uFXE4RQC4l9OuE06lQSGrLewR1Tj4U7Ujkld5Zf80OcTbXtzow  
lUnmgjazR0/CV/nKmUE3PFN68QdpYVNKROs3y3cTiDmg1OBME76yLxm1Fzed+jvL  
QEtpW1HVXDeZJRM4cUJnXUXjZN5u78U/HT96Hgg789144J7077pm9shcqU5adXh6  
Mfdp31oabWId0ddoU2wEhg5we7scrftKm3HukD51JYyYPHafPVeV1dujcpumn5AP  
1L9R6w6acFoAVFCku5MzyKLFLv/0Hjq94Co1pWG6IYi9afiOW3QdMjGcixsg9W+V  
UOel8x3jM7sÙG2  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6997-01

Red Hat Security Advisory 2022-6991-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2022:6991-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6991  
Issue date:        2022-10-18  
CVE Names:         CVE-2021-45485 CVE-2021-45486 CVE-2022-2588  
                   CVE-2022-21123 CVE-2022-21125 CVE-2022-21166  
====================================================================  
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time EUS (v.8.4) - x86_64  
Red Hat Enterprise Linux Real Time for NFV EUS (v.8.4) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A use-after-free in cls_route filter implementation may lead to privilege  
escalation (CVE-2022-2588)

* Information leak in the IPv6 implementation (CVE-2021-45485)

* Information leak in the IPv4 implementation (CVE-2021-45486)

* Incomplete cleanup of multi-core shared buffers (aka SBDR)  
(CVE-2022-21123)

* Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
(CVE-2022-21125)

* Incomplete cleanup in specific special register write operations (aka  
DRPW) (CVE-2022-21166)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* update RT source tree to the RHEL-8.4.z12 source tree (BZ#2119160)

* using __this_cpu_add() in preemptible [00000000] - caller is  
__mod_memcg_lruvec_state+0x69/0x1c0 [None8.4.0.z] (BZ#2124454)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2039911 - CVE-2021-45485 kernel: information leak in the IPv6 implementation  
2039914 - CVE-2021-45486 kernel: information leak in the IPv4 implementation  
2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)  
2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)  
2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux Real Time for NFV EUS (v.8.4):

Source:  
kernel-rt-4.18.0-305.65.1.rt7.137.el8_4.src.rpm

x86_64:  
kernel-rt-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-kvm-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm

Red Hat Enterprise Linux Real Time EUS (v.8.4):

Source:  
kernel-rt-4.18.0-305.65.1.rt7.137.el8_4.src.rpm

x86_64:  
kernel-rt-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-45485  
https://access.redhat.com/security/cve/CVE-2021-45486  
https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/cve/CVE-2022-21123  
https://access.redhat.com/security/cve/CVE-2022-21125  
https://access.redhat.com/security/cve/CVE-2022-21166  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY06+2NzjgjWX9erEAQjyAhAAg7yjSCXHL+nyuKbvoQPZpsmeahSSEbMu  
adR5+jpvA0onjw/5yu8F2ptCCs1upcGGyBy42bmvv83KzphlqjQKklLNeiXPJGoE  
R7qz1JK5DyNCm1y8wrqb7Z9l3GDFfZ5hcQURGJgfbzUw+WYBFA2Ar5EVsDXLOTc6  
uPnfXrTNTd7zpiLn68rpG223A6EtY8+iUSZDpGlijvnSgUPX+vtm0ku94uhe1lEX  
jCziNjfdKfGkh78e/iUuZW3+wYsmpk3/y3344MaSohn+q7J6FjVBbhc16l35rYqc  
QgfOgBaoTYkPea+a7eAC/3l9gHAdeMunwGHKZZwRHjD6qnR84fTwyE9OqIsga3id  
VnXQ2wB1rbaQ7R+ymboNsaD6bQJQ26U0Xqgo6cLXDnJ4vRCGqiaNs3IZVu4Npsuf  
TVDK4Y95J3H9rEVoTJoEv/S59aQiQAYXBDJ7fcAr2YoFWyztKbr1/4v5rTbLfA9J  
HY5geMYGCY4NNHi5JWDypPG7oCUu5MNFwDqGS0k88CSPYGDgabVBeJgbKx4PdkUX  
m3GRLycKC7pQ0ywERVRDEYwBTED7M9BqWyVJBANEKkkB2/1YrK53PszFFrYpxhuj  
bjID1FQVwCZmU77y3FeSuKPxem63YLQ5cC2DTrLzN3bJMpxwcL6g6vbU4gugtvW/  
vvdNuHvzsKA=urYL  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6991-01

Red Hat Security Advisory 2022-6985-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: nodejs:14 security and bug fix update  
Advisory ID:       RHSA-2022:6985-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6985  
Issue date:        2022-10-18  
CVE Names:         CVE-2022-32212 CVE-2022-32213 CVE-2022-32214  
                   CVE-2022-32215 CVE-2022-33987  
====================================================================  
1. Summary:

An update for the nodejs:14 module is now available for Red Hat Enterprise  
Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

Security Fix(es):

* nodejs: DNS rebinding in --inspect via invalid IP addresses  
(CVE-2022-32212)

* nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding  
(CVE-2022-32213)

* nodejs: HTTP request smuggling due to improper delimiting of header  
fields (CVE-2022-32214)

* nodejs: HTTP request smuggling due to incorrect parsing of multi-line  
Transfer-Encoding (CVE-2022-32215)

* got: missing verification of requested URLs allows redirects to UNIX  
sockets (CVE-2022-33987)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* nodejs:14/nodejs: rebase to latest upstream release (BZ#2106368)

* nodejs:14/nodejs: Specify --with-default-icu-data-dir when using  
bootstrap build (BZ#2111419)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2102001 - CVE-2022-33987 nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets  
2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses  
2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding  
2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields  
2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding  
2106368 - nodejs:14/nodejs: rebase to latest upstream release [rhel-8.4.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.src.rpm  
nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.src.rpm  
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

aarch64:  
nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.aarch64.rpm  
nodejs-debuginfo-14.20.0-2.module+el8.4.0+16234+70f4adc8.aarch64.rpm  
nodejs-debugsource-14.20.0-2.module+el8.4.0+16234+70f4adc8.aarch64.rpm  
nodejs-devel-14.20.0-2.module+el8.4.0+16234+70f4adc8.aarch64.rpm  
nodejs-full-i18n-14.20.0-2.module+el8.4.0+16234+70f4adc8.aarch64.rpm  
npm-6.14.17-1.14.20.0.2.module+el8.4.0+16234+70f4adc8.aarch64.rpm

noarch:  
nodejs-docs-14.20.0-2.module+el8.4.0+16234+70f4adc8.noarch.rpm  
nodejs-nodemon-2.0.19-2.module+el8.4.0+16234+70f4adc8.noarch.rpm  
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

ppc64le:  
nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm  
nodejs-debuginfo-14.20.0-2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm  
nodejs-debugsource-14.20.0-2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm  
nodejs-devel-14.20.0-2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm  
nodejs-full-i18n-14.20.0-2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm  
npm-6.14.17-1.14.20.0.2.module+el8.4.0+16234+70f4adc8.ppc64le.rpm

s390x:  
nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.s390x.rpm  
nodejs-debuginfo-14.20.0-2.module+el8.4.0+16234+70f4adc8.s390x.rpm  
nodejs-debugsource-14.20.0-2.module+el8.4.0+16234+70f4adc8.s390x.rpm  
nodejs-devel-14.20.0-2.module+el8.4.0+16234+70f4adc8.s390x.rpm  
nodejs-full-i18n-14.20.0-2.module+el8.4.0+16234+70f4adc8.s390x.rpm  
npm-6.14.17-1.14.20.0.2.module+el8.4.0+16234+70f4adc8.s390x.rpm

x86_64:  
nodejs-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm  
nodejs-debuginfo-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm  
nodejs-debugsource-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm  
nodejs-devel-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm  
nodejs-full-i18n-14.20.0-2.module+el8.4.0+16234+70f4adc8.x86_64.rpm  
npm-6.14.17-1.14.20.0.2.module+el8.4.0+16234+70f4adc8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32212  
https://access.redhat.com/security/cve/CVE-2022-32213  
https://access.redhat.com/security/cve/CVE-2022-32214  
https://access.redhat.com/security/cve/CVE-2022-32215  
https://access.redhat.com/security/cve/CVE-2022-33987  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY06+5NzjgjWX9erEAQiaqRAAhpKyHJTAukuosAMfI9O4+sv1Xbo666Cg  
250PzdCk7Olv3jlhTEDRrxFMfrbI8uvfvZ7Wze2urUKzGAqgq8sY2e011VVqJcbd  
O2Qn3csPUrMYsU7yuI8tXyHpXY83rcPncYN9B0pbn73V+tS1HgTqzB2k06syiqXu  
7JW4YjqpcqX7v1IcbOSS9iZOqrHDkKuBleexnQbER8kYQ1dapUOplElSaANteuJw  
VoNpxQXtg2XZvo3QZ0DgVRrAPq7WAjMpy3ovpScbOG5cgz4sUQ48TJ68ZwKGSO0U  
6eBojualI5Wh73mpXjLIs1xAY9ovqTdnZl9Mf57fi+d8DjxbWCNmkotLkKgouMm7  
oTB/S4dr0CHhMIH6/z0IyC7nGIdk3pVSvyELLDOjbJU8ys68is2sHqBzkCSxLqs5  
47zOy4Vi7TxnG6b1FnOae3RVz4XyqF0mA4q5YaeS+ze8S2YAjmDWT51QcCk1KQIQ  
qyKo8xJNjLGiagz2gQ38kMRsKNJLmBEhhl7ZH91BK6i7UxudM/eG/RPD7ZWtUyJp  
+OmVyUlIkwZwZWQ6whGgAuZZmOgzSfzsSB1T8x24U19lRa8ZPXpTISttWTmQ1AD9  
Z1sdfxtSeCQx6sd3fSV+VwUWY1gLRnE84qeICmjOJk9cXoRH+X5AWS09I5xyt9QV  
eKJYi8R2SCg=jJWB  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6985-01

Red Hat Security Advisory 2022-6983-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:6983-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6983  
Issue date:        2022-10-18  
CVE Names:         CVE-2021-45485 CVE-2021-45486 CVE-2022-2588  
                   CVE-2022-21123 CVE-2022-21125 CVE-2022-21166  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

The following packages have been upgraded to a later upstream version:  
kernel (4.18.0).

Security Fix(es):

* A use-after-free in cls_route filter implementation may lead to privilege  
escalation (CVE-2022-2588)

* Information leak in the IPv6 implementation (CVE-2021-45485)

* Information leak in the IPv4 implementation (CVE-2021-45486)

* Incomplete cleanup of multi-core shared buffers (aka SBDR)  
(CVE-2022-21123)

* Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
(CVE-2022-21125)

* Incomplete cleanup in specific special register write operations (aka  
DRPW) (CVE-2022-21166)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* DR, Ignore modify TTL if ConnectX-5 doesn't support it (BZ#2075549)

* execve exit tracepoint not called (BZ#2106663)

* Unable to boot RHEL-8.6 on Brazos max. config (Install is success)  
(BZ#2107475)

* "vmcore failed, _exitcode:139" error observed while capturing vmcore  
during fadump after memory remove. incomplete vmcore is captured.  
(BZ#2107490)

* soft lockups under heavy I/O load to ahci connected SSDs (BZ#2110773)

* Allow substituting custom vmlinux.h for the build (BZ#2116407)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2039911 - CVE-2021-45485 kernel: information leak in the IPv6 implementation  
2039914 - CVE-2021-45486 kernel: information leak in the IPv4 implementation  
2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)  
2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)  
2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
kernel-4.18.0-305.65.1.el8_4.src.rpm

aarch64:  
bpftool-4.18.0-305.65.1.el8_4.aarch64.rpm  
bpftool-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-core-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-cross-headers-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-debug-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-debug-core-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-debug-devel-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-debug-modules-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-devel-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-headers-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-modules-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-modules-extra-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-tools-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-tools-libs-4.18.0-305.65.1.el8_4.aarch64.rpm  
perf-4.18.0-305.65.1.el8_4.aarch64.rpm  
perf-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm  
python3-perf-4.18.0-305.65.1.el8_4.aarch64.rpm  
python3-perf-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-305.65.1.el8_4.noarch.rpm  
kernel-doc-4.18.0-305.65.1.el8_4.noarch.rpm

ppc64le:  
bpftool-4.18.0-305.65.1.el8_4.ppc64le.rpm  
bpftool-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-core-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-cross-headers-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-debug-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-debug-core-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-debug-devel-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-debug-modules-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-devel-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-headers-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-modules-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-modules-extra-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-tools-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-tools-libs-4.18.0-305.65.1.el8_4.ppc64le.rpm  
perf-4.18.0-305.65.1.el8_4.ppc64le.rpm  
perf-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm  
python3-perf-4.18.0-305.65.1.el8_4.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm

s390x:  
bpftool-4.18.0-305.65.1.el8_4.s390x.rpm  
bpftool-debuginfo-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-core-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-cross-headers-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-debug-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-debug-core-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-debug-debuginfo-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-debug-devel-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-debug-modules-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-debug-modules-extra-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-debuginfo-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-devel-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-headers-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-modules-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-modules-extra-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-tools-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-tools-debuginfo-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-zfcpdump-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-zfcpdump-core-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-305.65.1.el8_4.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-305.65.1.el8_4.s390x.rpm  
perf-4.18.0-305.65.1.el8_4.s390x.rpm  
perf-debuginfo-4.18.0-305.65.1.el8_4.s390x.rpm  
python3-perf-4.18.0-305.65.1.el8_4.s390x.rpm  
python3-perf-debuginfo-4.18.0-305.65.1.el8_4.s390x.rpm

x86_64:  
bpftool-4.18.0-305.65.1.el8_4.x86_64.rpm  
bpftool-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-core-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-cross-headers-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-debug-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-debug-core-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-debug-devel-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-debug-modules-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-devel-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-headers-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-modules-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-modules-extra-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-tools-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-tools-libs-4.18.0-305.65.1.el8_4.x86_64.rpm  
perf-4.18.0-305.65.1.el8_4.x86_64.rpm  
perf-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm  
python3-perf-4.18.0-305.65.1.el8_4.x86_64.rpm  
python3-perf-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:  
bpftool-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-305.65.1.el8_4.aarch64.rpm  
perf-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm  
python3-perf-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-305.65.1.el8_4.ppc64le.rpm  
perf-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-305.65.1.el8_4.x86_64.rpm  
perf-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm  
python3-perf-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-45485  
https://access.redhat.com/security/cve/CVE-2021-45486  
https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/cve/CVE-2022-21123  
https://access.redhat.com/security/cve/CVE-2022-21125  
https://access.redhat.com/security/cve/CVE-2022-21166  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY06+8tzjgjWX9erEAQgCtA//f0ySJLrYcFKpxldWHCr7HnGpfBaXh4g/  
XLr++MsSvHZX02L5L5+lx2o3K0ZlnBdb9J3K3JykN6cApvHJw3lwy3fyBU3gWFz/  
exkwTvF6CdPs9CpsXGdpmdVd9jKDNub08KGemS4LL7VSI75Enleoe2vGNOOhlbIA  
O8taEzIfq4m4BX8VZwuflAYjsOFkV1ax0iiL2vcmF7deXZDrGk0axHEaXJLmP9w/  
tD+VnoKSV2eQnirVCblG94WqOce20EUF4+o3WAYjkcueWdY4gLRjTOKdLrzUF7EI  
aDvZyvcxtvIWq+0CgC0NBb9mbvQjsr7jdDT4MnERyePFlQNInKR5YKKbnS9Blw5p  
OM6o8/nxjKAOxDNe1ob9AaPOhu/nxKVVgEiq0pn603ZMZPGGtkP2QclCvPZ7NOyH  
J1G/89l2sbSK5d+d+Z7v2/CXimogCqaW9F2ysrkxYVIE8LDSCeqZttyHtOFI0yrm  
3OJfJfLJFcz/8beY7hXWWGQ697IJNl8uymY7SdPk47ulec7FTSrax8F9DcI+bn1q  
qG4ekwG6BOycTH7epRRVCKwiRglhJwoO4zDZsEsjyTsAg0HUdo7MYsU3l4IGJeLO  
26YmdgdRAagVGiEBdlH9dNwI5GjtOP3JhCy4qUErGNrRRV/otEbdQvLBSbQOUBLY  
n4FMroQf7Lo=5/cJ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6983-01

Red Hat Security Advisory 2022-6963-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: nodejs security update  
Advisory ID:       RHSA-2022:6963-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6963  
Issue date:        2022-10-17  
CVE Names:         CVE-2022-35255 CVE-2022-35256  
====================================================================  
1. Summary:

An update for nodejs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version:  
nodejs (16.17.1).

Security Fix(es):

* nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)

* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields  
(CVE-2022-35256)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2130517 - CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen  
2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
nodejs-16.17.1-1.el9_0.src.rpm

aarch64:  
nodejs-16.17.1-1.el9_0.aarch64.rpm  
nodejs-debuginfo-16.17.1-1.el9_0.aarch64.rpm  
nodejs-debugsource-16.17.1-1.el9_0.aarch64.rpm  
nodejs-full-i18n-16.17.1-1.el9_0.aarch64.rpm  
nodejs-libs-16.17.1-1.el9_0.aarch64.rpm  
nodejs-libs-debuginfo-16.17.1-1.el9_0.aarch64.rpm  
npm-8.15.0-1.16.17.1.1.el9_0.aarch64.rpm

noarch:  
nodejs-docs-16.17.1-1.el9_0.noarch.rpm

ppc64le:  
nodejs-16.17.1-1.el9_0.ppc64le.rpm  
nodejs-debuginfo-16.17.1-1.el9_0.ppc64le.rpm  
nodejs-debugsource-16.17.1-1.el9_0.ppc64le.rpm  
nodejs-full-i18n-16.17.1-1.el9_0.ppc64le.rpm  
nodejs-libs-16.17.1-1.el9_0.ppc64le.rpm  
nodejs-libs-debuginfo-16.17.1-1.el9_0.ppc64le.rpm  
npm-8.15.0-1.16.17.1.1.el9_0.ppc64le.rpm

s390x:  
nodejs-16.17.1-1.el9_0.s390x.rpm  
nodejs-debuginfo-16.17.1-1.el9_0.s390x.rpm  
nodejs-debugsource-16.17.1-1.el9_0.s390x.rpm  
nodejs-full-i18n-16.17.1-1.el9_0.s390x.rpm  
nodejs-libs-16.17.1-1.el9_0.s390x.rpm  
nodejs-libs-debuginfo-16.17.1-1.el9_0.s390x.rpm  
npm-8.15.0-1.16.17.1.1.el9_0.s390x.rpm

x86_64:  
nodejs-16.17.1-1.el9_0.x86_64.rpm  
nodejs-debuginfo-16.17.1-1.el9_0.i686.rpm  
nodejs-debuginfo-16.17.1-1.el9_0.x86_64.rpm  
nodejs-debugsource-16.17.1-1.el9_0.i686.rpm  
nodejs-debugsource-16.17.1-1.el9_0.x86_64.rpm  
nodejs-full-i18n-16.17.1-1.el9_0.x86_64.rpm  
nodejs-libs-16.17.1-1.el9_0.i686.rpm  
nodejs-libs-16.17.1-1.el9_0.x86_64.rpm  
nodejs-libs-debuginfo-16.17.1-1.el9_0.i686.rpm  
nodejs-libs-debuginfo-16.17.1-1.el9_0.x86_64.rpm  
npm-8.15.0-1.16.17.1.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-35255  
https://access.redhat.com/security/cve/CVE-2022-35256  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY06/ANzjgjWX9erEAQiS3A//a/7YiqLGAi6J4JWVe22EK4VbXRIDQaBy  
hbNEtORz+NaJVEGQwSqTpbz0Qt5aUVqsyGeHOOCqoRpuziVvNGmK8IPK1qFmXQLg  
/ZIjgBvWfTSEntUTNpCx3cuACievBJejrjd6xinweFe5LW/fbSEK8vgEG3xlSCCc  
SvgET9svaD717atxmIzQeunNX78M7EcWFt9S/95GbO0tQMmcBcp36b5JzRvEiYi3  
YoMzNGYpQAYpGxIzhDLk068Lky44gxjAC7GM41XkNTEslYXD1x0wKN1j7xLnOQ+E  
rXpkNkCPHQemK8vtvXk1KYWsHfjblD1SZY4qXudQlNgZcxtegvcWPuRemLC819Ho  
oNLgWPfWB5bs0Zroka/GNX2gu+n+q10oQGexSS1xwZYXvZn0BJEIcz3wJjnpulaU  
4TfHQzfsUvMxnpv4dL4Dwim4Xs/X8E8vRxUBgO6VoV15Ng9K8yrL8vjy0lSbYKhf  
57wX7LRZLBngpXhGtR//25Eo8/WUmq05xoxxoZ0cT73idCR5DNQkl75aOJffbfnP  
xcBkdqFN7UtevgCUITh8ERT1SLwkzdFk0xdnD1bLPU1ZTqkF7dCde1AT8+Xj3U5G  
YJX9Mb/jKPDPl1WTWtCb7MDy0qynYLVglXpamyi0/8RSXaCPixgk8iBTkJtp3jiF  
z1Z4gpQsz18=LDBN  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6963-01

Red Hat Security Advisory 2022-6995-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:6995-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6995  
Issue date:        2022-10-18  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.3.0.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
thunderbird-102.3.0-4.el8_4.src.rpm

aarch64:  
thunderbird-102.3.0-4.el8_4.aarch64.rpm  
thunderbird-debuginfo-102.3.0-4.el8_4.aarch64.rpm  
thunderbird-debugsource-102.3.0-4.el8_4.aarch64.rpm

ppc64le:  
thunderbird-102.3.0-4.el8_4.ppc64le.rpm  
thunderbird-debuginfo-102.3.0-4.el8_4.ppc64le.rpm  
thunderbird-debugsource-102.3.0-4.el8_4.ppc64le.rpm

s390x:  
thunderbird-102.3.0-4.el8_4.s390x.rpm  
thunderbird-debuginfo-102.3.0-4.el8_4.s390x.rpm  
thunderbird-debugsource-102.3.0-4.el8_4.s390x.rpm

x86_64:  
thunderbird-102.3.0-4.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.3.0-4.el8_4.x86_64.rpm  
thunderbird-debugsource-102.3.0-4.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY06+mtzjgjWX9erEAQgXng/9Evo8FZGcZvmloSx4MiQiewOkIqHQilBl  
ltT5tnMCoVWqF4j+3/WH0uwX+9FgokAEbyZKQh1BepMWTFbW1aNSYbXuXnFEyPDr  
Gw6hTj9r6/T1LV6LWbKoPNPa9D+QmWCpLt9/l9r+lhiHFeq+QKKt/tDfR7CBi60U  
1KNqWeELn4tFnYL/CLIWTSbjDLNRoD1OQJoB9sCmwnbj6KYebUufYhE0cklvDhA4  
8z541hf4gXAGOsn6jALGRZyzlkESz0CdEfV0Owyggp7dx7gUA/pcrx+YqYbrDUou  
K+fhzG/oMofQv2hnERdpj7n6cln1MGR3hGGCr+boQkf20vnFeBCct+LviNZ+9xZQ  
BndtLgucnIl1vDaa/pGeeEdVp//XruYPOpP32qC8QqMgsJf3rbVamJ0sXbaQrlxQ  
FJJNObz9wx8hspJeak9pWLD6I+Xo+iefLWcop1x3cQcyjid93lp/QK8WI9F1xCtH  
4HhsrbascKIxif2thRkJNZrbo1VqpHKyiN5mP6yMr0Tb21SCzeBQTtMq2bGF49Q1  
vumc1PKyw5nC9WRfoGzzYwNbf/PI03gVUPtovz21qCHBSgQFilQis/3WJHKOvQs1  
I+Mg0ru/UrpGCRjfT1l7sPI5AD5dKh0YY34txrEb1OkGb6f6X7fPyPcnhjoaBvqL  
KY/lIJg+Nd8=mXXX  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux