Red Hat Security Advisory 2022-7329-01 - The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: lua security update  
Advisory ID:       RHSA-2022:7329-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7329  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-33099  
====================================================================  
1. Summary:

An update for lua is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The lua packages provide support for Lua, a powerful light-weight  
programming language designed for extending applications. Lua is also  
frequently used as a general-purpose, stand-alone language.

Security Fix(es):

* lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to  
uncontrolled recursion in error handling (CVE-2022-33099)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2104427 - CVE-2022-33099 lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
lua-5.4.2-4.el9_0.3.aarch64.rpm  
lua-debuginfo-5.4.2-4.el9_0.3.aarch64.rpm  
lua-debugsource-5.4.2-4.el9_0.3.aarch64.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.aarch64.rpm

ppc64le:  
lua-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-debuginfo-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-debugsource-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.ppc64le.rpm

s390x:  
lua-5.4.2-4.el9_0.3.s390x.rpm  
lua-debuginfo-5.4.2-4.el9_0.3.s390x.rpm  
lua-debugsource-5.4.2-4.el9_0.3.s390x.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.s390x.rpm

x86_64:  
lua-5.4.2-4.el9_0.3.x86_64.rpm  
lua-debuginfo-5.4.2-4.el9_0.3.x86_64.rpm  
lua-debugsource-5.4.2-4.el9_0.3.x86_64.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
lua-5.4.2-4.el9_0.3.src.rpm

aarch64:  
lua-debuginfo-5.4.2-4.el9_0.3.aarch64.rpm  
lua-debugsource-5.4.2-4.el9_0.3.aarch64.rpm  
lua-libs-5.4.2-4.el9_0.3.aarch64.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.aarch64.rpm

ppc64le:  
lua-debuginfo-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-debugsource-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-libs-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.ppc64le.rpm

s390x:  
lua-debuginfo-5.4.2-4.el9_0.3.s390x.rpm  
lua-debugsource-5.4.2-4.el9_0.3.s390x.rpm  
lua-libs-5.4.2-4.el9_0.3.s390x.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.s390x.rpm

x86_64:  
lua-debuginfo-5.4.2-4.el9_0.3.i686.rpm  
lua-debuginfo-5.4.2-4.el9_0.3.x86_64.rpm  
lua-debugsource-5.4.2-4.el9_0.3.i686.rpm  
lua-debugsource-5.4.2-4.el9_0.3.x86_64.rpm  
lua-libs-5.4.2-4.el9_0.3.i686.rpm  
lua-libs-5.4.2-4.el9_0.3.x86_64.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.i686.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
lua-debuginfo-5.4.2-4.el9_0.3.aarch64.rpm  
lua-debugsource-5.4.2-4.el9_0.3.aarch64.rpm  
lua-devel-5.4.2-4.el9_0.3.aarch64.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.aarch64.rpm

ppc64le:  
lua-debuginfo-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-debugsource-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-devel-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.ppc64le.rpm

s390x:  
lua-debuginfo-5.4.2-4.el9_0.3.s390x.rpm  
lua-debugsource-5.4.2-4.el9_0.3.s390x.rpm  
lua-devel-5.4.2-4.el9_0.3.s390x.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.s390x.rpm

x86_64:  
lua-5.4.2-4.el9_0.3.i686.rpm  
lua-debuginfo-5.4.2-4.el9_0.3.i686.rpm  
lua-debuginfo-5.4.2-4.el9_0.3.x86_64.rpm  
lua-debugsource-5.4.2-4.el9_0.3.i686.rpm  
lua-debugsource-5.4.2-4.el9_0.3.x86_64.rpm  
lua-devel-5.4.2-4.el9_0.3.i686.rpm  
lua-devel-5.4.2-4.el9_0.3.x86_64.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.i686.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-33099  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9JdzjgjWX9erEAQheTg//aflei8nmLalr43qUBKZqkDaEPMrvlVQr  
H2425hQv6zIUUNsk+3N+BqJUMMLziVIkBv5o71NFMh16JMqXGrzeNrwPAGVyIt6N  
8AX7vTuOIeJ8fF5RcdOUWHQxodQUMFkrvJjLcVUVHEXfdOllJrep+/l00DmDstBJ  
OumrhkgvBKFHx8krDIl765PO5p0Z5Cfz6rLnfVLMcW9KAkLRlEdGPo3xcIsHAhLV  
xYB/UHuNFo45yArnAX2oBdveS7PB+xzTn/B4I3Bxdjd+fZAzVl2WDlHNwPHPeFHV  
5CYwW5Mfvrm1PcV4pR+RUb7I89o6EZgM70iyhMcK5HcllEPuYcfZXjeQVHadc+aM  
wbY1yTbpY2fUWAKSKs+kM37lUAF/sxBkQAL2CjzquHMwLDa+0RDqjnrVI2t4k6JY  
OMfOC379Y3F23KpH5bYGwrJs3X/0cFkXoye0nnkYTls7/sJ4Uyxy/BdSyzydPwJo  
wVnVmuxV4BwNQ9vGZC+JuGXM/G1Hee3gnU9Cb60+RhPWPCWBwKSnKpULt1jbt4xO  
n7ZfV6W5YNXcqU1DzQU0e644sLpTHeetgy/QIZfMcTEJl5dNKoFf/mj9SpSCILFa  
yn3eu2mp/KSEZ+CXtV0jNwYI6wfsVaWDbi34KK20AAbLI/mSHUV0Pcl7++4IP6V0  
NRgW2g5QG04=WQH9  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7329-01

Red Hat Security Advisory 2022-7343-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include code execution and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pcs security update  
Advisory ID:       RHSA-2022:7343-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7343  
Issue date:        2022-11-02  
CVE Names:         CVE-2019-11358 CVE-2022-30123  
====================================================================  
1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server High Availability (v. 7) - ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Resilient Storage (v. 7) - ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the  
Pacemaker and Corosync utilities.

Security Fix(es):

* rubygem-rack: crafted requests can cause shell escape sequences  
(CVE-2022-30123)

* jquery: Prototype pollution in object's prototype leading to denial of  
service, remote code execution, or property injection (CVE-2019-11358)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection  
2099524 - CVE-2022-30123 rubygem-rack: crafted requests can cause shell escape sequences

6. Package List:

Red Hat Enterprise Linux Server High Availability (v. 7):

Source:  
pcs-0.9.169-3.el7_9.3.src.rpm

ppc64le:  
pcs-0.9.169-3.el7_9.3.ppc64le.rpm  
pcs-debuginfo-0.9.169-3.el7_9.3.ppc64le.rpm  
pcs-snmp-0.9.169-3.el7_9.3.ppc64le.rpm

s390x:  
pcs-0.9.169-3.el7_9.3.s390x.rpm  
pcs-debuginfo-0.9.169-3.el7_9.3.s390x.rpm  
pcs-snmp-0.9.169-3.el7_9.3.s390x.rpm

x86_64:  
pcs-0.9.169-3.el7_9.3.x86_64.rpm  
pcs-debuginfo-0.9.169-3.el7_9.3.x86_64.rpm  
pcs-snmp-0.9.169-3.el7_9.3.x86_64.rpm

Red Hat Enterprise Linux Server Resilient Storage (v. 7):

Source:  
pcs-0.9.169-3.el7_9.3.src.rpm

ppc64le:  
pcs-0.9.169-3.el7_9.3.ppc64le.rpm  
pcs-debuginfo-0.9.169-3.el7_9.3.ppc64le.rpm  
pcs-snmp-0.9.169-3.el7_9.3.ppc64le.rpm

s390x:  
pcs-0.9.169-3.el7_9.3.s390x.rpm  
pcs-debuginfo-0.9.169-3.el7_9.3.s390x.rpm  
pcs-snmp-0.9.169-3.el7_9.3.s390x.rpm

x86_64:  
pcs-0.9.169-3.el7_9.3.x86_64.rpm  
pcs-debuginfo-0.9.169-3.el7_9.3.x86_64.rpm  
pcs-snmp-0.9.169-3.el7_9.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-11358  
https://access.redhat.com/security/cve/CVE-2022-30123  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9MNzjgjWX9erEAQidcA/8CUbH4WDxWDMMNSSKsc1vptCYXSg3/P52  
LArMtnekhn6ZEle0RsB+d7WuHFnA9uQNSKo0pV8ppegAUQqBnfdJlltk43BGjbA2  
mGVa2/DCJn80WcWw17vzNO3T/1HM9hbIo0APahsfafuQVGXTHkjBKLM8tpL+ie3G  
2aAKrDpziMf1/gTg/YxS4jm7pqjIFXJAOVdDZ0jNit9wnzkFJ5JVrAY1GV9+Ckwk  
uAFomsDExOuGR6ZWE1LDona68EaLgamT9F5O1+z5Z7TejbG2ZkEEAAlFmi5Z7tS/  
EuVvR9BjCU8+gvV700HiguD1Ip2hPGVObKjPSFIwSvNf2siuL64/AZs3yaYOTvhf  
u5IHHJPXjCO7FeGSWY0/IH5nohb4Dtz2TK+cUg9ItbDg0k0FwMx/UfZsNwVl7asn  
kfUwf4os/ZuFGn5CcnyqN6wo/sc/0VfNCZ2ldFz0yhaLaJPIWCso1sTxww+ZLlgV  
XQAirYvcug3IdyK5wusZytMPwjghGICgMidxXUttk8cv0jAC1yFM4x1B/BLqjhWS  
uKCh7zDJB2GcBH0M4THybXYG5OwHk2QfoqW103O8ELoaZsBJg6OAYzqHXvCjivsa  
tmt7XbY9xymrVb6JOrXiTqhDGBayqxuc+OzhnzXMHwrfrZMCO78u25zb+te9EzOy  
vveGvf6xVl4=RMfQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7343-01

Red Hat Security Advisory 2022-7318-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:7318-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7318  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-2585 CVE-2022-30594  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* posix cpu timer use-after-free may lead to local privilege escalation  
(CVE-2022-2585)

* Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP  
option (CVE-2022-30594)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel crash after reboot of T14/G2 AMD laptop (mt7921e module)  
(BZ#2095653)

* execve exit tracepoint not called (BZ#2106661)

* Matrox black screen on VGA output on some systems. (BZ#2112017)

* The kernel needs to offer a way to reseed the Crypto DRBG and atomically  
extract random numbers from it (BZ#2121129)

* watchdog BUG: soft lockup - CPU#30 stuck for 34s! [swapper/30:0]  
(BZ#2127857)

* Update cifs to 5.16 (BZ#2127858)

* Bad page state in process qemu-kvm  pfn:68a74600 (BZ#2127859)

* vfio zero page mappings fail after 2M instances (BZ#2128791)

* The kernel needs to offer a way to reseed the Crypto DRBG and atomically  
extract random numbers from it (part 2) (BZ#2128970)

Enhancement(s):

* Need to enable hpilo to support new HPE RL300 Gen11 for ARM (aarch64)  
(BZ#2129453)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2085300 - CVE-2022-30594 kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option  
2114874 - CVE-2022-2585 kernel: posix cpu timer use-after-free may lead to local privilege escalation

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-devel-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-devel-matched-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-devel-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-devel-matched-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-headers-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
perf-5.14.0-70.30.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm

noarch:  
kernel-doc-5.14.0-70.30.1.el9_0.noarch.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-devel-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-devel-matched-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-devel-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-devel-matched-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-headers-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
perf-5.14.0-70.30.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-devel-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-devel-matched-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-devel-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-devel-matched-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-headers-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-matched-5.14.0-70.30.1.el9_0.s390x.rpm  
perf-5.14.0-70.30.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-devel-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-devel-matched-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-devel-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-devel-matched-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-headers-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
perf-5.14.0-70.30.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
kernel-5.14.0-70.30.1.el9_0.src.rpm

aarch64:  
bpftool-5.14.0-70.30.1.el9_0.aarch64.rpm  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-core-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-core-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-modules-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-modules-extra-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-modules-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-modules-extra-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-tools-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-tools-libs-5.14.0-70.30.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
python3-perf-5.14.0-70.30.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm

noarch:  
kernel-abi-stablelists-5.14.0-70.30.1.el9_0.noarch.rpm

ppc64le:  
bpftool-5.14.0-70.30.1.el9_0.ppc64le.rpm  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-core-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-core-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-modules-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-modules-extra-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-modules-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-modules-extra-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-tools-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-tools-libs-5.14.0-70.30.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
python3-perf-5.14.0-70.30.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm

s390x:  
bpftool-5.14.0-70.30.1.el9_0.s390x.rpm  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-core-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-core-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-modules-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-modules-extra-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-modules-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-modules-extra-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-tools-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-core-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-extra-5.14.0-70.30.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
python3-perf-5.14.0-70.30.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm

x86_64:  
bpftool-5.14.0-70.30.1.el9_0.x86_64.rpm  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-core-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-core-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-modules-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-modules-extra-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-modules-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-modules-extra-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-tools-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-tools-libs-5.14.0-70.30.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
python3-perf-5.14.0-70.30.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-cross-headers-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-tools-libs-devel-5.14.0-70.30.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-cross-headers-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-tools-libs-devel-5.14.0-70.30.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-cross-headers-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-cross-headers-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-tools-libs-devel-5.14.0-70.30.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2585  
https://access.redhat.com/security/cve/CVE-2022-30594  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9RtzjgjWX9erEAQg5dw//ZFjS/ugn0S2QF94xP3PXnxhZgdfOXqrV  
DLv2UvywBFzf8GTz/0Lkf7zl9SQ7QF+ZPf2MHIYLPxqswTOt9XXJKrhcbh5E+zAt  
M3FIGkNoPBKxPalPp9lwjSQUU5fpYMSnOkvJIGx8LasUz7NlRuwQrK7k7Qb0tDqc  
AjXAnvz2bE3G9P1bPbkoYzBYk4J4WYGS8w3GRFzhmqqn32Uex6rF+sH5+YqxYt0P  
24FTJDa6ggybzCbYfFNxEmbySP2s/feTAejA0P/AADxKjURj2GCeTzYZBAiAh07Q  
Ui0wOly0VoFCE1dDiRP0A821mve6WK9OJtVdQGnOwf/XiOxxpZQKDNap8AHXGLiz  
F9uq7eC6u/ISHosgs5z/cyFW/CshAYQjrEbl3LZ9LGFnbV5ZFU6eOxTUhyNp/x0Z  
Re9aD/xEJdA/W4YDd4a6Pb7SzEY8N5N/uhFn8MpEmDEcTp6ydxVnFBiHAEhW7bO7  
5jeneVnc8qQTetNkSvF5EswMISmy9grZMWX+7wx5YLPRKYSWHv5Y7ZcPan8G3QfP  
Atiin4WjSDztlDaHR+y69da2T+aGGHIzXu0if/hlanncWI4YT2i7N99ViTqJJStf  
Xp+r1Jp2xhZYRfrCa5YCn4M8nxyrlaMfQE0IdzTpj8L0A2LTflFAEMC1CedxzWc0  
nXkBWQ86WbA=KfTC  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7318-01

Red Hat Security Advisory 2022-7330-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2022:7330-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7330  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-2585  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 9) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* posix cpu timer use-after-free may lead to local privilege escalation  
(CVE-2022-2585)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2114874 - CVE-2022-2585 kernel: posix cpu timer use-after-free may lead to local privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
kpatch-patch-5_14_0-70_13_1-1-4.el9_0.src.rpm  
kpatch-patch-5_14_0-70_17_1-1-3.el9_0.src.rpm  
kpatch-patch-5_14_0-70_22_1-1-3.el9_0.src.rpm  
kpatch-patch-5_14_0-70_26_1-1-2.el9_0.src.rpm

ppc64le:  
kpatch-patch-5_14_0-70_13_1-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_13_1-debuginfo-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_13_1-debugsource-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_17_1-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_17_1-debuginfo-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_17_1-debugsource-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_22_1-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_22_1-debuginfo-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_22_1-debugsource-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_26_1-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_26_1-debuginfo-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_26_1-debugsource-1-2.el9_0.ppc64le.rpm

x86_64:  
kpatch-patch-5_14_0-70_13_1-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_13_1-debuginfo-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_13_1-debugsource-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_17_1-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_17_1-debuginfo-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_17_1-debugsource-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_22_1-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_22_1-debuginfo-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_22_1-debugsource-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_26_1-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_26_1-debuginfo-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_26_1-debugsource-1-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9OdzjgjWX9erEAQhHwBAAmFCYqZgU3Cuh3eHw9KxVa9qYDFUDrZDt  
rFO4fWiEhsvuSzTL+4WxHZsHQaW8AbLjWBkCqzPXf/LT64lNs6HRc8Jmhg3i892W  
XVXSDN/EbXBqYkwPJBdI6JqK2S4WQPt1wkGOnMILeIczgoXiBuOrCQGHWkb0LwXN  
Ca1Q5H9pxZyE5/1YzZ6XbTL33NleV+Lc1Lhx0hmeJSSPCJ/YnMOHj9TRz5pxNc+b  
0NXwp8tIvI88PYKVOF84yDFjEAOCp3hNPrngrZpEyVnisqjXh14J451itUvdytb8  
IhEMa7LCgkpvTqUb87zhUq8jvVNJZcpDiCy+UmNZcYVZKJ9p7jmGXb9ExjQMgxum  
gVAvcPHEeE933vLMIhETzmhbs50MA5Drq3+1FyBXoyuPSOCWS0DtcZoQzl4ruQjd  
Dv1g8cliXciv2g7/31kdAJ4DFQVOBhqUW/axjHrQ8dtiXHqJEUExkpIc0Wg7woMn  
abjnlYFGOBAA4Q3zed9034TpbbqDEn7/ZKkPDurPd2DtiT8hTWjqs9Fss56VDmy+  
rMV+hD1FTLst3P3Ky8KcshPVmfX6mU+7SvmZgTY2alS6jmU576Fo+EDeu3/HQsxW  
6idF/qK0CgxKpH10heDmL+G/CV8oAk7Le+ShQMMqw4wTkx/N+ocDffimuv1hLYZr  
yvAqmRXF+CE=Ugtn  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7330-01

Debian Linux Security Advisory 5269-1 - Nicky Mouha discovered a buffer overflow in the sha3 module of PyPy, a fast, compliant alternative implementation of the Python language.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5269-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 02, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : pypy3CVE ID         : CVE-2022-37454Nicky Mouha discovered a buffer overflow in the sha3 module of PyPy, afast, compliant alternative implementation of the Python language.For the stable distribution (bullseye), this problem has been fixed inversion 7.3.5+dfsg-2+deb11u2.We recommend that you upgrade your pypy3 packages.For the detailed security status of pypy3 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/pypy3Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNivD4ACgkQEMKTtsN8TjYcfxAAhkg2+/s7yTHve08CkBReV5cZ+z3cJSCCm53l4CHbpiNcza7IPzi0/GMjEupYEF+Mozvtm2puVgnWRkckuF5Nss3+yZYpHpPug4AHbEQy7GD7OdqVkV6aih0oAgIfd2jeaxzUAEEQ/7Mr+wInMknxDGmW5giFo2vUvR5dESRcfuImyaiJBlT6KUZY5ocMpp/JNcomfI61vJnzpqcnP8MMSLfzQuyyJoWXlUonJJCKw881Em2buRDRIZJJr3Gl5uF4vXUsJEWQqLMvpqJfCwjI+h6gmkZexv8fklU+xF5NFbf8Hlo2mOJq7mZVX6xplm0AhgsaqtM/dm1U4jHFflLvJ6LYTRTP3XqsuysSMhmURE6n7wUZBF/BvCqn747nS3yKFKyWXcP2AuEwZy1awo2xWigk5QJLIpcMcYP1MxLrMYZE2F59xXTctPLdwxZjdT1PZIUmxHVw3+kGDkGB/4EB9DGTYP925Acj+pwnrgBgwisQs0o2vKkKhYMZ3xvUf0BMszbVmNMBHE0YFPtAD/H8ALdxOTFwMtihQzBKvwmiBohn1lLRr00rNpaiYxJVOPxPFQUhI/RrB2m1BD0aAWSPNGZu8THbYyxA+1Sur3DMMRrihDLGfcZj2RzKGMEkUffW5oj9ZQeqhele6vfqHfvWRnhjc8rVkhRlyFCYLsHtnM4=2m5H-----END PGP SIGNATURE-----

Debian Security Advisory 5269-1

Red Hat Security Advisory 2022-7319-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2022:7319-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7319  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-2585 CVE-2022-30594  
====================================================================  
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 9) - x86_64  
Red Hat Enterprise Linux Real Time for NFV (v. 9) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* posix cpu timer use-after-free may lead to local privilege escalation  
(CVE-2022-2585)

* Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP  
option (CVE-2022-30594)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Update RT source tree to the latest RHEL-9.0.z4 Batch (BZ#2123498)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2085300 - CVE-2022-30594 kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option  
2114874 - CVE-2022-2585 kernel: posix cpu timer use-after-free may lead to local privilege escalation

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 9):

Source:  
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-kvm-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-kvm-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm

Red Hat Enterprise Linux Real Time (v. 9):

Source:  
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2585  
https://access.redhat.com/security/cve/CVE-2022-30594  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9QtzjgjWX9erEAQiFLQ/+K6viC4XHwAj5lozXPGUlcQGQbeWWMB7q  
0IMXwfGG+V8e4hRGQkqzBy2xZ5utcryPOCEbtygSbcZVHzyTvZbVU0yxJiH1fKLO  
+YfjYCoiu19G/KRkhOUEOB/23yJE9iKAL78pobh4GRCZ5/dp2tQDgRT7Nh72RXQT  
G/QkCNxQ5KMFtcsVNg4yN8BR5XS2vT83UrQ/B0PK4hcTIGlNw8OD2m6269HvSU4O  
fsVnF/igjUeLCcjCp/bHlT7+mJaTDSOro5EiMtEi2Q12etYIMnFIWBa8C8SzrjQc  
Mtn6Olon8s6uZt7KHan1zjJX6bGCKmnJZULW1IPnpDMWIRHBccOiM7vb9hrQVqCT  
QBWzf9hEOxc6ZzAwEO0mmFC6qrnBQUClZRF1/crDswTcp64RhBBgQZ0LlQvs1M1K  
L8wnuPCL4gY50B9nH2CX2sg8OffX9T8jNakSSbZCLduFvp0r7m2oQOK9vF5lMfQX  
3B9vvq628DDVzveiw/LRxXtrFHAOM/SlYhz8iTp+L9JMQiwIl8c6SRMkXEqvLvLH  
C2iizwJircxlyXO6Jnd36yiy2Acbr24gPP2cycCYvlAWEegTcUAHEAiYVRmNiEzO  
csQhdzfQvGAawuiNSxuoNY608XWFdgBLGnXMjWKEZaxZiZi7W38ptsTgSn6LnEms  
fL5bpq4kKqk=cpHx  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7319-01

Red Hat Security Advisory 2022-7344-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2022:7344-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7344  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-2588  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* a use-after-free in cls_route filter implementation may lead to privilege  
escalation (CVE-2022-2588)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux Server (v. 7):

Source:  
kpatch-patch-3_10_0-1160_62_1-1-3.el7.src.rpm  
kpatch-patch-3_10_0-1160_66_1-1-2.el7.src.rpm  
kpatch-patch-3_10_0-1160_71_1-1-1.el7.src.rpm  
kpatch-patch-3_10_0-1160_76_1-1-1.el7.src.rpm

ppc64le:  
kpatch-patch-3_10_0-1160_62_1-1-3.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1160_62_1-debuginfo-1-3.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1160_66_1-1-2.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1160_66_1-debuginfo-1-2.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1160_71_1-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1160_71_1-debuginfo-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1160_76_1-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1160_76_1-debuginfo-1-1.el7.ppc64le.rpm

x86_64:  
kpatch-patch-3_10_0-1160_62_1-1-3.el7.x86_64.rpm  
kpatch-patch-3_10_0-1160_62_1-debuginfo-1-3.el7.x86_64.rpm  
kpatch-patch-3_10_0-1160_66_1-1-2.el7.x86_64.rpm  
kpatch-patch-3_10_0-1160_66_1-debuginfo-1-2.el7.x86_64.rpm  
kpatch-patch-3_10_0-1160_71_1-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-1160_71_1-debuginfo-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-1160_76_1-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-1160_76_1-debuginfo-1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9LNzjgjWX9erEAQhsnA//UwMUCdN9W7+utXqcMS6RGN73XG9tWWwq  
IWdXzGq+LnE+qllL5QeY33PKcAFZSOGLrRT/g1uy2C4K+ib4Y2gJ9Xd4FPfnnmgU  
wCQMNCy8aPPPnDcomwfiAYNhVdH/RLwQniiYpcd4NcD+8Xrwn4X9QZIitT4o7ihZ  
oD1DQLlHylRKiyf1R3QtnkJcdDgkMf2Lfs4pldhjqXkVS2TaK583dG9kXX2SAvWC  
a//aLchmWTL9gECnVEbDE7gSLclR9hNoaMWIKXoHvnathc65nStoeU7YxFB55xrq  
9SU1tHNY2NWUsblsOVGbyUdxsE8UoEXnwBVwwUh60us/XHpcbQD3yIAKBAYuxr21  
FDAKG3QZ+ucju71h7W2mOL9LWd5aFF8tsp7yHoyc2SFI7bDLRPNZSgRMAqhqPohN  
1CIAAUrO2ep+o9/KjQhgOpJS8VZLRLxNFA5xCcQq6g1QWFYXA3waDYxxpDTGLVDz  
mSwiZtUFec1ReepALgo5B5vxpGSRvWWKiS1jh8cnNynwm+u0veF15f9di+jI1B8J  
B8giDVmK/jb1Tp/SqpK1NwFVBnL6WJ56VKAKQ8tEfPtmc6PbIAmOFCO60YEX4Mpo  
i8+sBeSnYiCzoDckA07DAldePiRO6nU6Xph0V16//T1WUMyfTYeQh5HQ1hiDiVHe  
6T8/N5WxKa8=8+4B  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7344-01

Red Hat Security Advisory 2022-7314-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Issues addressed include buffer over-read and buffer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: zlib security update  
Advisory ID:       RHSA-2022:7314-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7314  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-37434  
====================================================================  
1. Summary:

An update for zlib is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The zlib packages provide a general-purpose lossless data compression  
library that is used by many different programs.

Security Fix(es):

* zlib: a heap-based buffer over-read or buffer overflow in inflate in  
inflate.c via a large gzip header extra field (CVE-2022-37434)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
minizip-compat-debuginfo-1.2.11-32.el9_0.aarch64.rpm  
zlib-debuginfo-1.2.11-32.el9_0.aarch64.rpm  
zlib-debugsource-1.2.11-32.el9_0.aarch64.rpm  
zlib-devel-1.2.11-32.el9_0.aarch64.rpm

ppc64le:  
minizip-compat-debuginfo-1.2.11-32.el9_0.ppc64le.rpm  
zlib-debuginfo-1.2.11-32.el9_0.ppc64le.rpm  
zlib-debugsource-1.2.11-32.el9_0.ppc64le.rpm  
zlib-devel-1.2.11-32.el9_0.ppc64le.rpm

s390x:  
minizip-compat-debuginfo-1.2.11-32.el9_0.s390x.rpm  
zlib-debuginfo-1.2.11-32.el9_0.s390x.rpm  
zlib-debugsource-1.2.11-32.el9_0.s390x.rpm  
zlib-devel-1.2.11-32.el9_0.s390x.rpm

x86_64:  
minizip-compat-debuginfo-1.2.11-32.el9_0.i686.rpm  
minizip-compat-debuginfo-1.2.11-32.el9_0.x86_64.rpm  
zlib-debuginfo-1.2.11-32.el9_0.i686.rpm  
zlib-debuginfo-1.2.11-32.el9_0.x86_64.rpm  
zlib-debugsource-1.2.11-32.el9_0.i686.rpm  
zlib-debugsource-1.2.11-32.el9_0.x86_64.rpm  
zlib-devel-1.2.11-32.el9_0.i686.rpm  
zlib-devel-1.2.11-32.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
zlib-1.2.11-32.el9_0.src.rpm

aarch64:  
minizip-compat-debuginfo-1.2.11-32.el9_0.aarch64.rpm  
zlib-1.2.11-32.el9_0.aarch64.rpm  
zlib-debuginfo-1.2.11-32.el9_0.aarch64.rpm  
zlib-debugsource-1.2.11-32.el9_0.aarch64.rpm

ppc64le:  
minizip-compat-debuginfo-1.2.11-32.el9_0.ppc64le.rpm  
zlib-1.2.11-32.el9_0.ppc64le.rpm  
zlib-debuginfo-1.2.11-32.el9_0.ppc64le.rpm  
zlib-debugsource-1.2.11-32.el9_0.ppc64le.rpm

s390x:  
minizip-compat-debuginfo-1.2.11-32.el9_0.s390x.rpm  
zlib-1.2.11-32.el9_0.s390x.rpm  
zlib-debuginfo-1.2.11-32.el9_0.s390x.rpm  
zlib-debugsource-1.2.11-32.el9_0.s390x.rpm

x86_64:  
minizip-compat-debuginfo-1.2.11-32.el9_0.i686.rpm  
minizip-compat-debuginfo-1.2.11-32.el9_0.x86_64.rpm  
zlib-1.2.11-32.el9_0.i686.rpm  
zlib-1.2.11-32.el9_0.x86_64.rpm  
zlib-debuginfo-1.2.11-32.el9_0.i686.rpm  
zlib-debuginfo-1.2.11-32.el9_0.x86_64.rpm  
zlib-debugsource-1.2.11-32.el9_0.i686.rpm  
zlib-debugsource-1.2.11-32.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
minizip-compat-debuginfo-1.2.11-32.el9_0.aarch64.rpm  
zlib-debuginfo-1.2.11-32.el9_0.aarch64.rpm  
zlib-debugsource-1.2.11-32.el9_0.aarch64.rpm  
zlib-static-1.2.11-32.el9_0.aarch64.rpm

ppc64le:  
minizip-compat-debuginfo-1.2.11-32.el9_0.ppc64le.rpm  
zlib-debuginfo-1.2.11-32.el9_0.ppc64le.rpm  
zlib-debugsource-1.2.11-32.el9_0.ppc64le.rpm  
zlib-static-1.2.11-32.el9_0.ppc64le.rpm

s390x:  
minizip-compat-debuginfo-1.2.11-32.el9_0.s390x.rpm  
zlib-debuginfo-1.2.11-32.el9_0.s390x.rpm  
zlib-debugsource-1.2.11-32.el9_0.s390x.rpm  
zlib-static-1.2.11-32.el9_0.s390x.rpm

x86_64:  
minizip-compat-debuginfo-1.2.11-32.el9_0.i686.rpm  
minizip-compat-debuginfo-1.2.11-32.el9_0.x86_64.rpm  
zlib-debuginfo-1.2.11-32.el9_0.i686.rpm  
zlib-debuginfo-1.2.11-32.el9_0.x86_64.rpm  
zlib-debugsource-1.2.11-32.el9_0.i686.rpm  
zlib-debugsource-1.2.11-32.el9_0.x86_64.rpm  
zlib-static-1.2.11-32.el9_0.i686.rpm  
zlib-static-1.2.11-32.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-37434  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9ItzjgjWX9erEAQiHfxAAlO5bDXesPL2aHyX6C15K0NCSqYYSugpc  
jh5XWHtBDSf0tFLDI7D0ru2cDe98WRoQ0MJNZA2HNwCx1tznW6jJX4cnYHlnCeC4  
/thKFW1MfXV/n40Fu7Boq8BmrLCHixTwe/pGuz19YYIJeKexdDmN5mf5tYp01BXW  
uDwCfC0VgwU0zFcG4TXvHZdI+CDTFr/azkC/aXpFCVyTMZAw5ZiTRgu1WL/UKyrU  
prhsHcxXoICqJbJYu5gql3QGaXwGXYP/N7RMlfaSI60FL6trDE5+1f7eJTugsxwv  
jyaarOy7AWlno/lEMrffQ7/9k9xUpowt8Qt0LDjuTP3tPlGULkyb1DYQOUkttniD  
b4X4k/DY5PBwZTOeGsPBbFcvliwcwgMVqmGfZHZcsRc7VSsGzrGsyowVxvxJqasP  
VPjOMOKeQVEf3Kpl0Nvfd5D2k24NlqgXpiLpSevwkJTi6c7VWUPrGGCTmL5XUy8T  
4ISiB+bDwlmI5LxhqOyVdHLeVnNaeR6wxEfQ855CDCXMAeElHodi+KxGvqrWceVQ  
pEinvfduBT1Y8HO8ztDWYJ6KM1r/9JOTiACpMoKGw5KqSQnSrPwCuoZIwlXK6fiE  
C26HKcnaq3GK0IDkT+LaVUtl4k8Ja8V4Rv0OMwU1JgbwTUTI/iQweKDAldn8/cbA  
NVQfk+Oscic=3u2M  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7314-01

Red Hat Security Advisory 2022-7326-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pki-core security update  
Advisory ID:       RHSA-2022:7326-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7326  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-2414  
====================================================================  
1. Summary:

An update for pki-core is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages  
required by Red Hat Certificate System.

Security Fix(es):

* pki-core: access to external entities when parsing XML can lead to XXE  
(CVE-2022-2414)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2104676 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
pki-core-11.0.6-2.el9_0.src.rpm

aarch64:  
pki-symkey-11.0.6-2.el9_0.aarch64.rpm  
pki-tools-11.0.6-2.el9_0.aarch64.rpm

noarch:  
pki-acme-11.0.6-2.el9_0.noarch.rpm  
pki-base-11.0.6-2.el9_0.noarch.rpm  
pki-base-java-11.0.6-2.el9_0.noarch.rpm  
pki-ca-11.0.6-2.el9_0.noarch.rpm  
pki-kra-11.0.6-2.el9_0.noarch.rpm  
pki-server-11.0.6-2.el9_0.noarch.rpm  
python3-pki-11.0.6-2.el9_0.noarch.rpm

ppc64le:  
pki-symkey-11.0.6-2.el9_0.ppc64le.rpm  
pki-tools-11.0.6-2.el9_0.ppc64le.rpm

s390x:  
pki-symkey-11.0.6-2.el9_0.s390x.rpm  
pki-tools-11.0.6-2.el9_0.s390x.rpm

x86_64:  
pki-symkey-11.0.6-2.el9_0.x86_64.rpm  
pki-tools-11.0.6-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2414  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9PNzjgjWX9erEAQjcRQ/+P+5dpX6ei0kSbhir0uUtECC+YYwY3WlU  
+S7xfH/+sSjOKqLypjxrQd4lxO5DOV5dHW/BnXneo8/bPwti3VmrBM7zSHwLZKHU  
oXj+kQnOzXhJrvnqvBY+anXAqKXJmbwD5dBwcsK3/Gc1C8xPjLEbYpj/2S0iYNDY  
2Ls5SUEkkFSOdTSA79VSIp6LAaZN+Hz2tnMqU4uj8xEZ9j4WjO/S6XkadAgb5blP  
5pYmPQu3m14VlFPyw0u6eGqmCZepr17yHKAy2EE19UYUUD9X6Au3AJg1RqH4NWHZ  
X1Xs1u0yEIMFD61gikk3af63pi7BR8x++RlzpjUYjFyi05wys4a3Ldqvsmcvw4JO  
XnDaQ6nDKDgno9lo/0jN62S5z/qXQmPqYuhdROZtyHrkzP6PvQpVgQT6M9z119E4  
8eUY7m3cfcFxBaGlC+snTQLWiw9Hhf+x1yH9tlwIMzd3P7xqPdxPLRhQNQK1D0RN  
bkUNiZfKDSHioW6YuHoLYCwnuj70jI/w9ET9zdThrLVKnqq4OU9TzG3BGii782lI  
ODk6+xm8ViiZFdXwg8dYpeNTOeCM5saDHVkeI5CYfr5Zo8zTqnldITNuC8L+5hwR  
BPB/fbfluxEtJR/ckhLA7AKzC826PGrk+oQwadJrX6CsN/qxTLJlkZizfPN9ZXb9  
nHJWA6oIWAE=sFpp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7326-01

Red Hat Security Advisory 2022-7340-01 - The php-pear package contains the PHP Extension and Application Repository, a framework and distribution system for reusable PHP components. Issues addressed include file overwrite and traversal vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: php-pear security update  
Advisory ID:       RHSA-2022:7340-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7340  
Issue date:        2022-11-02  
CVE Names:         CVE-2020-28948 CVE-2020-28949 CVE-2020-36193  
====================================================================  
1. Summary:

An update for php-pear is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 7) - noarch  
Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The php-pear package contains the PHP Extension and Application Repository  
(PEAR), a framework and distribution system for reusable PHP components.

Security Fix(es):

* Archive_Tar: allows an unserialization attack because phar: is blocked  
but PHAR: is not blocked (CVE-2020-28948)

* Archive_Tar: improper filename sanitization leads to file overwrites  
(CVE-2020-28949)

* Archive_Tar: directory traversal due to inadequate checking of symbolic  
links (CVE-2020-36193)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted  
for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1904001 - CVE-2020-28948 Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked  
1910323 - CVE-2020-28949 Archive_Tar: improper filename sanitization leads to file overwrites  
1942961 - CVE-2020-36193 Archive_Tar: directory traversal due to inadequate checking of symbolic links

6. Package List:

Red Hat Enterprise Linux Server (v. 7):

Source:  
php-pear-1.9.4-23.el7_9.src.rpm

noarch:  
php-pear-1.9.4-23.el7_9.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
php-pear-1.9.4-23.el7_9.src.rpm

noarch:  
php-pear-1.9.4-23.el7_9.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-28948  
https://access.redhat.com/security/cve/CVE-2020-28949  
https://access.redhat.com/security/cve/CVE-2020-36193  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9M9zjgjWX9erEAQhf7g//SrEF1zLnoF6ccPz+hpKf5ujlqkfF8w1g  
L6o3Wslzsg3RM32mwzlp5HNFslSrYT/KL452F4tcethaOdLmXMuRhDo3iRVSjIg+  
R8bohcbIygb61o4kisztT6K8EdhVSwalRC5QBeYrhtaDZ+iMAvNEsQ63i94dCLUo  
87yC+z15zPb7lOZyg6iYVvu7rG9Kkj2s742Ul0ktGQbuBLQBxzhjeOwiPUwv2aWE  
/0pAzF0QqzZba1wxEpuc5DC4ZSXBqSgPRKagiS2bDeX7jcx+IIQcQLW/RZ3ArpmF  
/D0AAz/FatynCL/aB3VrepMhZN34N1HgpLUjqc6mHUP0+VxfqjiWA4t7n/39plg6  
JJiq+293JHkSG7a8P5PbsSuOIK8v2YalztxhQLGEvtzohWkOcAoF3PaYvzuE0cbb  
B4Ik5gGK+u2I4ruTqYrePlvY81Y09pkhg7lRmH+LLpx2jDOhsPodDlyRnNRnGDbI  
edWNrOGL95SFIfPG5TCf3VmDResHiDz4qKkonzsdRGehkPJly8/95JD/naSelgmJ  
e3ScLqEgSx3QE7zKz3RvK96oilulJbZVZqndKDVhEZ54f9cskhojR5Ej1w4o6Iv0  
SUMAIgObMDhvVwqlrZI5Fvo7dpDVTSKSvtEVzU59Dc7xpt4TbMpp2u/9aBOmy4Zg  
5tiMcbUOMb8=Yyw2  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux