Red Hat Security Advisory 2022-6443-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6443-01

Red Hat Security Advisory 2022-6437-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2022:6437-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6437  
Issue date:        2022-09-13  
CVE Names:         CVE-2022-21123 CVE-2022-21125 CVE-2022-21166  
====================================================================  
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 8) - x86_64  
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* Incomplete cleanup of multi-core shared buffers (aka SBDR)  
(CVE-2022-21123)

* Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
(CVE-2022-21125)

* Incomplete cleanup in specific special register write operations (aka  
DRPW) (CVE-2022-21166)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* The latest RHEL 8.6.z3 kernel changes need to be merged into the RT  
source tree to keep source parity between the two kernels. (BZ#2111112)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)  
2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source:  
kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm

x86_64:  
kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm

Red Hat Enterprise Linux Real Time (v. 8):

Source:  
kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm

x86_64:  
kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21123  
https://access.redhat.com/security/cve/CVE-2022-21125  
https://access.redhat.com/security/cve/CVE-2022-21166  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCCBtzjgjWX9erEAQiMVxAAj4C0/6TQ/Wts6/PsnA7c4EJbxOzcjnSf  
bdJSktu0TYTmpmiZI1tZ22LbABATshxGKqzz15bFGQlIE+wHSDxN8NF86XPmdNCF  
Yqi8g2YZDLeKd02ggzE8ZOcjuSdkAT09qaTP9AusbQububoCFv/dR4v0UZ3+Mpk2  
Bhe1VumtyZVHt4ps06dRVthVCt4HJdPEEOFmoCE4kg+ij6x626dvRuLWFbUclhHe  
qg+5JOBLJx9UCMHMS5X7qrdySfLw6xrqX0QM18ElmCTtnfJ03FQjzw6j6F0gV17a  
xGqDhJJbYby4Uhqe0eNPG5P01UW+8aWyXIxtpuG/uCJ0oC65j4yXpG136fuztx1a  
R+7c2xYeuZ1qrNvYsJDecYtgDwlSuhWJ/S+snlYAgB4HJ6ouHPx2Y0SYu2Xznm/2  
fNj5oV13UioCVvTptBU6dI6ByX8qalq0fIbt+lb5M23vu+zlpMs6b80u3pekC7uR  
3PM9Udb59P9wIcwDlS1v9jSyO/4B3maCh6vtjpdGDBUIbbOSE5E9S7zTR4vHFzhI  
ji5EcEHGpBz615xVGi/fSzudyR/2yjzqjazhkX5dYEZ5kOBtOOeAxTIgAQ3yhjt2  
+ZFPoA9cSGTxR3AhZU+lnggpod97b8rD3IqCuz2PetsRoikUTQSIRiKBlp058FAt  
/NJdeWcHmjI=t/FA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6437-01

Red Hat Security Advisory 2022-6447-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include denial of service and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: ruby:2.7 security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:6447-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6447  
Issue date:        2022-09-13  
CVE Names:         CVE-2021-41817 CVE-2021-41819 CVE-2022-28739   
=====================================================================

1. Summary:

An update for the ruby:2.7 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It  
has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby  
(2.7.6). (BZ#2109424)

Security Fix(es):

* ruby: Regular expression denial of service vulnerability of Date parsing  
methods (CVE-2021-41817)

* ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)

* Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2025104 - CVE-2021-41817 ruby: Regular expression denial of service vulnerability of Date parsing methods  
2026757 - CVE-2021-41819 ruby: Cookie prefix spoofing in CGI::Cookie.parse  
2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion  
2109424 - ruby:2.7/ruby: Rebase to the latest Ruby 2.7 release [rhel-8] [rhel-8.6.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
ruby-2.7.6-138.module+el8.6.0+16148+54b2ba8f.src.rpm  
rubygem-abrt-0.4.0-1.module+el8.3.0+7192+4e3a532a.src.rpm  
rubygem-bson-4.8.1-1.module+el8.3.0+7192+4e3a532a.src.rpm  
rubygem-mongo-2.11.3-1.module+el8.3.0+7192+4e3a532a.src.rpm  
rubygem-mysql2-0.5.3-1.module+el8.3.0+7192+4e3a532a.src.rpm  
rubygem-pg-1.2.3-1.module+el8.3.0+7192+4e3a532a.src.rpm

aarch64:  
ruby-2.7.6-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm  
ruby-debuginfo-2.7.6-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm  
ruby-debugsource-2.7.6-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm  
ruby-devel-2.7.6-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm  
ruby-libs-2.7.6-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm  
ruby-libs-debuginfo-2.7.6-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm  
rubygem-bigdecimal-2.0.0-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm  
rubygem-bigdecimal-debuginfo-2.0.0-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm  
rubygem-bson-4.8.1-1.module+el8.3.0+7192+4e3a532a.aarch64.rpm  
rubygem-bson-debuginfo-4.8.1-1.module+el8.3.0+7192+4e3a532a.aarch64.rpm  
rubygem-bson-debugsource-4.8.1-1.module+el8.3.0+7192+4e3a532a.aarch64.rpm  
rubygem-io-console-0.5.6-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm  
rubygem-io-console-debuginfo-0.5.6-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm  
rubygem-json-2.3.0-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm  
rubygem-json-debuginfo-2.3.0-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm  
rubygem-mysql2-0.5.3-1.module+el8.3.0+7192+4e3a532a.aarch64.rpm  
rubygem-mysql2-debuginfo-0.5.3-1.module+el8.3.0+7192+4e3a532a.aarch64.rpm  
rubygem-mysql2-debugsource-0.5.3-1.module+el8.3.0+7192+4e3a532a.aarch64.rpm  
rubygem-openssl-2.1.3-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm  
rubygem-openssl-debuginfo-2.1.3-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm  
rubygem-pg-1.2.3-1.module+el8.3.0+7192+4e3a532a.aarch64.rpm  
rubygem-pg-debuginfo-1.2.3-1.module+el8.3.0+7192+4e3a532a.aarch64.rpm  
rubygem-pg-debugsource-1.2.3-1.module+el8.3.0+7192+4e3a532a.aarch64.rpm  
rubygem-psych-3.1.0-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm  
rubygem-psych-debuginfo-3.1.0-138.module+el8.6.0+16148+54b2ba8f.aarch64.rpm

noarch:  
ruby-default-gems-2.7.6-138.module+el8.6.0+16148+54b2ba8f.noarch.rpm  
ruby-doc-2.7.6-138.module+el8.6.0+16148+54b2ba8f.noarch.rpm  
rubygem-abrt-0.4.0-1.module+el8.3.0+7192+4e3a532a.noarch.rpm  
rubygem-abrt-doc-0.4.0-1.module+el8.3.0+7192+4e3a532a.noarch.rpm  
rubygem-bson-doc-4.8.1-1.module+el8.3.0+7192+4e3a532a.noarch.rpm  
rubygem-bundler-2.2.24-138.module+el8.6.0+16148+54b2ba8f.noarch.rpm  
rubygem-irb-1.2.6-138.module+el8.6.0+16148+54b2ba8f.noarch.rpm  
rubygem-minitest-5.13.0-138.module+el8.6.0+16148+54b2ba8f.noarch.rpm  
rubygem-mongo-2.11.3-1.module+el8.3.0+7192+4e3a532a.noarch.rpm  
rubygem-mongo-doc-2.11.3-1.module+el8.3.0+7192+4e3a532a.noarch.rpm  
rubygem-mysql2-doc-0.5.3-1.module+el8.3.0+7192+4e3a532a.noarch.rpm  
rubygem-net-telnet-0.2.0-138.module+el8.6.0+16148+54b2ba8f.noarch.rpm  
rubygem-pg-doc-1.2.3-1.module+el8.3.0+7192+4e3a532a.noarch.rpm  
rubygem-power_assert-1.1.7-138.module+el8.6.0+16148+54b2ba8f.noarch.rpm  
rubygem-rake-13.0.1-138.module+el8.6.0+16148+54b2ba8f.noarch.rpm  
rubygem-rdoc-6.2.1.1-138.module+el8.6.0+16148+54b2ba8f.noarch.rpm  
rubygem-test-unit-3.3.4-138.module+el8.6.0+16148+54b2ba8f.noarch.rpm  
rubygem-xmlrpc-0.3.0-138.module+el8.6.0+16148+54b2ba8f.noarch.rpm  
rubygems-3.1.6-138.module+el8.6.0+16148+54b2ba8f.noarch.rpm  
rubygems-devel-3.1.6-138.module+el8.6.0+16148+54b2ba8f.noarch.rpm

ppc64le:  
ruby-2.7.6-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm  
ruby-debuginfo-2.7.6-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm  
ruby-debugsource-2.7.6-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm  
ruby-devel-2.7.6-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm  
ruby-libs-2.7.6-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm  
ruby-libs-debuginfo-2.7.6-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm  
rubygem-bigdecimal-2.0.0-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm  
rubygem-bigdecimal-debuginfo-2.0.0-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm  
rubygem-bson-4.8.1-1.module+el8.3.0+7192+4e3a532a.ppc64le.rpm  
rubygem-bson-debuginfo-4.8.1-1.module+el8.3.0+7192+4e3a532a.ppc64le.rpm  
rubygem-bson-debugsource-4.8.1-1.module+el8.3.0+7192+4e3a532a.ppc64le.rpm  
rubygem-io-console-0.5.6-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm  
rubygem-io-console-debuginfo-0.5.6-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm  
rubygem-json-2.3.0-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm  
rubygem-json-debuginfo-2.3.0-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm  
rubygem-mysql2-0.5.3-1.module+el8.3.0+7192+4e3a532a.ppc64le.rpm  
rubygem-mysql2-debuginfo-0.5.3-1.module+el8.3.0+7192+4e3a532a.ppc64le.rpm  
rubygem-mysql2-debugsource-0.5.3-1.module+el8.3.0+7192+4e3a532a.ppc64le.rpm  
rubygem-openssl-2.1.3-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm  
rubygem-openssl-debuginfo-2.1.3-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm  
rubygem-pg-1.2.3-1.module+el8.3.0+7192+4e3a532a.ppc64le.rpm  
rubygem-pg-debuginfo-1.2.3-1.module+el8.3.0+7192+4e3a532a.ppc64le.rpm  
rubygem-pg-debugsource-1.2.3-1.module+el8.3.0+7192+4e3a532a.ppc64le.rpm  
rubygem-psych-3.1.0-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm  
rubygem-psych-debuginfo-3.1.0-138.module+el8.6.0+16148+54b2ba8f.ppc64le.rpm

s390x:  
ruby-2.7.6-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm  
ruby-debuginfo-2.7.6-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm  
ruby-debugsource-2.7.6-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm  
ruby-devel-2.7.6-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm  
ruby-libs-2.7.6-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm  
ruby-libs-debuginfo-2.7.6-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm  
rubygem-bigdecimal-2.0.0-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm  
rubygem-bigdecimal-debuginfo-2.0.0-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm  
rubygem-bson-4.8.1-1.module+el8.3.0+7192+4e3a532a.s390x.rpm  
rubygem-bson-debuginfo-4.8.1-1.module+el8.3.0+7192+4e3a532a.s390x.rpm  
rubygem-bson-debugsource-4.8.1-1.module+el8.3.0+7192+4e3a532a.s390x.rpm  
rubygem-io-console-0.5.6-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm  
rubygem-io-console-debuginfo-0.5.6-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm  
rubygem-json-2.3.0-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm  
rubygem-json-debuginfo-2.3.0-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm  
rubygem-mysql2-0.5.3-1.module+el8.3.0+7192+4e3a532a.s390x.rpm  
rubygem-mysql2-debuginfo-0.5.3-1.module+el8.3.0+7192+4e3a532a.s390x.rpm  
rubygem-mysql2-debugsource-0.5.3-1.module+el8.3.0+7192+4e3a532a.s390x.rpm  
rubygem-openssl-2.1.3-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm  
rubygem-openssl-debuginfo-2.1.3-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm  
rubygem-pg-1.2.3-1.module+el8.3.0+7192+4e3a532a.s390x.rpm  
rubygem-pg-debuginfo-1.2.3-1.module+el8.3.0+7192+4e3a532a.s390x.rpm  
rubygem-pg-debugsource-1.2.3-1.module+el8.3.0+7192+4e3a532a.s390x.rpm  
rubygem-psych-3.1.0-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm  
rubygem-psych-debuginfo-3.1.0-138.module+el8.6.0+16148+54b2ba8f.s390x.rpm

x86_64:  
ruby-2.7.6-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
ruby-2.7.6-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm  
ruby-debuginfo-2.7.6-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
ruby-debuginfo-2.7.6-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm  
ruby-debugsource-2.7.6-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
ruby-debugsource-2.7.6-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm  
ruby-devel-2.7.6-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
ruby-devel-2.7.6-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm  
ruby-libs-2.7.6-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
ruby-libs-2.7.6-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm  
ruby-libs-debuginfo-2.7.6-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
ruby-libs-debuginfo-2.7.6-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm  
rubygem-bigdecimal-2.0.0-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
rubygem-bigdecimal-2.0.0-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm  
rubygem-bigdecimal-debuginfo-2.0.0-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
rubygem-bigdecimal-debuginfo-2.0.0-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm  
rubygem-bson-4.8.1-1.module+el8.3.0+7192+4e3a532a.x86_64.rpm  
rubygem-bson-debuginfo-4.8.1-1.module+el8.3.0+7192+4e3a532a.x86_64.rpm  
rubygem-bson-debugsource-4.8.1-1.module+el8.3.0+7192+4e3a532a.x86_64.rpm  
rubygem-io-console-0.5.6-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
rubygem-io-console-0.5.6-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm  
rubygem-io-console-debuginfo-0.5.6-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
rubygem-io-console-debuginfo-0.5.6-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm  
rubygem-json-2.3.0-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
rubygem-json-2.3.0-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm  
rubygem-json-debuginfo-2.3.0-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
rubygem-json-debuginfo-2.3.0-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm  
rubygem-mysql2-0.5.3-1.module+el8.3.0+7192+4e3a532a.x86_64.rpm  
rubygem-mysql2-debuginfo-0.5.3-1.module+el8.3.0+7192+4e3a532a.x86_64.rpm  
rubygem-mysql2-debugsource-0.5.3-1.module+el8.3.0+7192+4e3a532a.x86_64.rpm  
rubygem-openssl-2.1.3-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
rubygem-openssl-2.1.3-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm  
rubygem-openssl-debuginfo-2.1.3-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
rubygem-openssl-debuginfo-2.1.3-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm  
rubygem-pg-1.2.3-1.module+el8.3.0+7192+4e3a532a.x86_64.rpm  
rubygem-pg-debuginfo-1.2.3-1.module+el8.3.0+7192+4e3a532a.x86_64.rpm  
rubygem-pg-debugsource-1.2.3-1.module+el8.3.0+7192+4e3a532a.x86_64.rpm  
rubygem-psych-3.1.0-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
rubygem-psych-3.1.0-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm  
rubygem-psych-debuginfo-3.1.0-138.module+el8.6.0+16148+54b2ba8f.i686.rpm  
rubygem-psych-debuginfo-3.1.0-138.module+el8.6.0+16148+54b2ba8f.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-41817  
https://access.redhat.com/security/cve/CVE-2021-41819  
https://access.redhat.com/security/cve/CVE-2022-28739  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCB8tzjgjWX9erEAQgejg/+OH6Jsb1IZAFisrfV/6nIZOkFqhSKpzNf  
4VhuC22aesYUEWvSip2jHbFeGVkuI+iqieKPGLr6qHxZ4m8gt5EC8Ti8L6RbJ6rx  
W0/JZBalDZDLbsZJrbAH3EoP5WOQ1DYY+FTXaQNX4Yf2VIhTTFFtBXrYumtikkcW  
K8u1qT6v3rhdysSwJc+SZi0X2AVQrTRrRXjN4ozsypJvyAkOQRYB+v79YSNVK80q  
KF/4U76ohYBx5pbzHW+Vqf8ZMBaGuseXFbcgcqlWUC4n8pKNo06pcof5+nkMYM2Z  
tPieoq7AYs9f0zeVi39kkqhyXDPCZhCxcCaBepSAFAEUil6Pib7yWA+AA/FsITC6  
Zvyn9ALA25XrUeeUAH8VngWWpJH6vcYxJe2AzkPXYoGEdgNhVgpnmdLWVkd80VSG  
ASEnPstIqYUGNR4Y1rTTy6DuvlFBlLfbwntfq1FtlXiScpvpQ8sJ+cquE4UaxWc2  
ifggdPHVHILtNFom3hDNx1l89v2bOLhS6/1DgqRKUq/J1zvHx61rCqxZ1pwh3U23  
rX2UPZ7oFlZCN2g884wLUJFPbJEs8di/0MTm6bdka27O1SP0h6d9vhZ4O69L8/BP  
GdtDZBe0TchUf+Zr0mAf7k0Mb66XH9/8oru+iEMq0tky97EVOpmbzbrYiOYdrJ4Y  
kP56IuEnZFk=  
=Mwlx  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6447-01

Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: nodejs:14 security and bug fix update  
Advisory ID:       RHSA-2022:6448-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6448  
Issue date:        2022-09-13  
CVE Names:         CVE-2022-32212 CVE-2022-32213 CVE-2022-32214   
                   CVE-2022-32215 CVE-2022-33987   
=====================================================================

1. Summary:

An update for the nodejs:14 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

Security Fix(es):

* nodejs: DNS rebinding in --inspect via invalid IP addresses  
(CVE-2022-32212)

* nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding  
(CVE-2022-32213)

* nodejs: HTTP request smuggling due to improper delimiting of header  
fields (CVE-2022-32214)

* nodejs: HTTP request smuggling due to incorrect parsing of multi-line  
Transfer-Encoding (CVE-2022-32215)

* got: missing verification of requested URLs allows redirects to UNIX  
sockets (CVE-2022-33987)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* nodejs:14/nodejs: rebase to latest upstream release (BZ#2106367)

* nodejs:14/nodejs: Specify --with-default-icu-data-dir when using  
bootstrap build (BZ#2111417)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets  
2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses  
2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding  
2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields  
2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding  
2106367 - nodejs:14/nodejs: rebase to latest upstream release [rhel-8.6.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm  
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm  
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

aarch64:  
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm  
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm  
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm  
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm  
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm  
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm

noarch:  
nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm  
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm  
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

ppc64le:  
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm  
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm  
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm  
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm  
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm  
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

s390x:  
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm  
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm  
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm  
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm  
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm  
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.s390x.rpm

x86_64:  
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm  
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm  
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm  
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm  
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm  
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32212  
https://access.redhat.com/security/cve/CVE-2022-32213  
https://access.redhat.com/security/cve/CVE-2022-32214  
https://access.redhat.com/security/cve/CVE-2022-32215  
https://access.redhat.com/security/cve/CVE-2022-33987  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCB7NzjgjWX9erEAQi+GhAAiXG9iBXr215vvQfz+nTteMZatx8rYbmP  
SMj+YySptChtc8Y1BZvbB6uyhDtNYkkz1qWiNCw1nrbNBtI2XrbUWg06TNf+7AFZ  
HYkwtC77dT1Pm09AgXK0F3s1sckigqilY4hYnI25MjavOXZ0eXkbPXeQbFlyDKLG  
JB3qc2or3Zjcbx2bGPGa1vTaBghpmV72h6UK38EOeq2fs/Hmoid2uZt+0o4D9P9j  
9PYTqhVCapZIZkCZszXAqhO+8+AFymip1h1NVD48Il57NpTXcw+3luwfBx6KSdQj  
eb68MzmO0f75G2bMlPXB2r+f5f0Yr+k/7ljKvCd6CiQc2vJTuh4ojIthue4b9bNR  
++SNS5za43IPa/SYpojqHWMXrDSQR7GfR4VmN4CP4Hhn/7T9oL6pVf168zIARsvG  
/qA6fqh2k768el1V1STK+2Cum2i6mDGNvREp1KqnEnkVkWxRUVY0ZGCesEwX2jaV  
pPmk74abdZUeCja3OYFD9Ca99R2PWD7qfTVhuJJQJlZMlyFmf41SUfwzY0O4INsA  
FRhCxlKZL8BtiMiykzXOofax06NNBFNIXYbzBYBGqqZm8hiYXwdsWXI1tFe8RZSV  
aJeC5Qc7labBGhpSHkReIsjC/0RJ2zg8jE6axvhcA656F2Jb590Dmyy2T+OEX6HO  
OzI3A+IYzXw=  
=hjLi  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6448-01

Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: nodejs:16 security and bug fix update  
Advisory ID:       RHSA-2022:6449-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6449  
Issue date:        2022-09-13  
CVE Names:         CVE-2021-3807 CVE-2022-32212 CVE-2022-32213   
                   CVE-2022-32214 CVE-2022-32215 CVE-2022-33987   
=====================================================================

1. Summary:

An update for the nodejs:16 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

Security Fix(es):

* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching  
ANSI escape codes (CVE-2021-3807)

* nodejs: DNS rebinding in --inspect via invalid IP addresses  
(CVE-2022-32212)

* nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding  
(CVE-2022-32213)

* nodejs: HTTP request smuggling due to improper delimiting of header  
fields (CVE-2022-32214)

* nodejs: HTTP request smuggling due to incorrect parsing of multi-line  
Transfer-Encoding (CVE-2022-32215)

* got: missing verification of requested URLs allows redirects to UNIX  
sockets (CVE-2022-33987)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* nodejs:16/nodejs: rebase to latest upstream release (BZ#2106369)

* nodejs:16/nodejs: Specify --with-default-icu-data-dir when using  
bootstrap build (BZ#2111416)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes  
2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets  
2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses  
2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding  
2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields  
2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding  
2106369 - nodejs:16/nodejs: rebase to latest upstream release [rhel-8.6.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
nodejs-16.16.0-3.module+el8.6.0+16248+76b0e185.src.rpm  
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm  
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

aarch64:  
nodejs-16.16.0-3.module+el8.6.0+16248+76b0e185.aarch64.rpm  
nodejs-debuginfo-16.16.0-3.module+el8.6.0+16248+76b0e185.aarch64.rpm  
nodejs-debugsource-16.16.0-3.module+el8.6.0+16248+76b0e185.aarch64.rpm  
nodejs-devel-16.16.0-3.module+el8.6.0+16248+76b0e185.aarch64.rpm  
nodejs-full-i18n-16.16.0-3.module+el8.6.0+16248+76b0e185.aarch64.rpm  
npm-8.11.0-1.16.16.0.3.module+el8.6.0+16248+76b0e185.aarch64.rpm

noarch:  
nodejs-docs-16.16.0-3.module+el8.6.0+16248+76b0e185.noarch.rpm  
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm  
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

ppc64le:  
nodejs-16.16.0-3.module+el8.6.0+16248+76b0e185.ppc64le.rpm  
nodejs-debuginfo-16.16.0-3.module+el8.6.0+16248+76b0e185.ppc64le.rpm  
nodejs-debugsource-16.16.0-3.module+el8.6.0+16248+76b0e185.ppc64le.rpm  
nodejs-devel-16.16.0-3.module+el8.6.0+16248+76b0e185.ppc64le.rpm  
nodejs-full-i18n-16.16.0-3.module+el8.6.0+16248+76b0e185.ppc64le.rpm  
npm-8.11.0-1.16.16.0.3.module+el8.6.0+16248+76b0e185.ppc64le.rpm

s390x:  
nodejs-16.16.0-3.module+el8.6.0+16248+76b0e185.s390x.rpm  
nodejs-debuginfo-16.16.0-3.module+el8.6.0+16248+76b0e185.s390x.rpm  
nodejs-debugsource-16.16.0-3.module+el8.6.0+16248+76b0e185.s390x.rpm  
nodejs-devel-16.16.0-3.module+el8.6.0+16248+76b0e185.s390x.rpm  
nodejs-full-i18n-16.16.0-3.module+el8.6.0+16248+76b0e185.s390x.rpm  
npm-8.11.0-1.16.16.0.3.module+el8.6.0+16248+76b0e185.s390x.rpm

x86_64:  
nodejs-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm  
nodejs-debuginfo-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm  
nodejs-debugsource-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm  
nodejs-devel-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm  
nodejs-full-i18n-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm  
npm-8.11.0-1.16.16.0.3.module+el8.6.0+16248+76b0e185.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3807  
https://access.redhat.com/security/cve/CVE-2022-32212  
https://access.redhat.com/security/cve/CVE-2022-32213  
https://access.redhat.com/security/cve/CVE-2022-32214  
https://access.redhat.com/security/cve/CVE-2022-32215  
https://access.redhat.com/security/cve/CVE-2022-33987  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCB5tzjgjWX9erEAQjcVQ/+Pcpf3Z3/DDwJh4jY2GGrA/WhG0SvMeTm  
YQxAaRYuhfOlxxjTiiAaUVd1DYdhPpussgGnE7CcRkoK5lR8cbmB6c74xdyjQFau  
D2G4YAVGRXyVT3kg0wP3QB7UdZH1rB9KI+5RhHMmkBBA4EpHwxxAmMSnsvWut3E+  
ocKV+0dPvdPU4AemtUKC9gAjrPDfi+4CFfHhEDWLuATSRmL/pDDiz2WLM06A3u/r  
DudYd1iNEoNLM/aA8HULhA4FTk+8RKoAuNcfO7rJQVhWtOdvJPK5GuJMziDEhToP  
aK1r84ShqzXmmxVu0CWYN3saYaf7BD51RiA7eFjzYFbjRSmqzfxvluLVEqM2HnQq  
3yMSOgk/wO79gqpkWIa4DU6+LPWEjDj9y1sJIIN2XFHScXIAv7NwhoxH4R7D5Pe2  
bj5MOmUa64DJGOjwKiLZ7yCjJHpm7RpVuNK3v9wvwoKRcGOEMlkNpbHtgMOiWslC  
ljCy6v7QmYGSThzKTfTsB6QjIUSjDr6x0GCCl87TrYNDDUxhBybCk+i0+9EpXB7j  
0DUiK3GhID7JRIMA5nFRrmpY9AIjeV5hMq2GCjHk3g3wGSk59rHZeKEQSVC+ZAmX  
EzMOFxa62RDOkxkOBrqa4U4kCXzHmtJsJgGKRKV3GwdDd/+C8LmBAlguB9Dumaz/  
l0sgCdVTvRU=  
=n6kC  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6449-01

Red Hat Security Advisory 2022-6450-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include denial of service, double free, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: ruby:3.0 security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:6450-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6450  
Issue date:        2022-09-13  
CVE Names:         CVE-2021-41817 CVE-2021-41819 CVE-2022-28738   
                   CVE-2022-28739   
=====================================================================

1. Summary:

An update for the ruby:3.0 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It  
has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby  
(3.0.4). (BZ#2109431)

Security Fix(es):

* ruby: Regular expression denial of service vulnerability of Date parsing  
methods (CVE-2021-41817)

* ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)

* Ruby: Double free in Regexp compilation (CVE-2022-28738)

* Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* ruby 3.0: User-installed rubygems plugins are not being loaded [RHEL8]  
(BZ#2110981)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2025104 - CVE-2021-41817 ruby: Regular expression denial of service vulnerability of Date parsing methods  
2026757 - CVE-2021-41819 ruby: Cookie prefix spoofing in CGI::Cookie.parse  
2075685 - CVE-2022-28738 Ruby: Double free in Regexp compilation  
2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion  
2109431 - ruby:3.0/ruby: Rebase to the latest Ruby 3.0 release [rhel-8] [rhel-8.6.0.z]  
2110981 - ruby 3.0: User-installed rubygems plugins are not being loaded [RHEL8] [rhel-8.6.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.src.rpm  
rubygem-abrt-0.4.0-1.module+el8.5.0+11580+845038eb.src.rpm  
rubygem-mysql2-0.5.3-1.module+el8.5.0+11580+845038eb.src.rpm  
rubygem-pg-1.2.3-1.module+el8.5.0+11580+845038eb.src.rpm

aarch64:  
ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
ruby-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
ruby-debugsource-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
ruby-devel-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
ruby-libs-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
ruby-libs-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-bigdecimal-3.0.0-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-bigdecimal-debuginfo-3.0.0-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-io-console-0.5.7-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-io-console-debuginfo-0.5.7-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-json-2.5.1-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-json-debuginfo-2.5.1-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-mysql2-0.5.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm  
rubygem-mysql2-debuginfo-0.5.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm  
rubygem-mysql2-debugsource-0.5.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm  
rubygem-pg-1.2.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm  
rubygem-pg-debuginfo-1.2.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm  
rubygem-pg-debugsource-1.2.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm  
rubygem-psych-3.3.2-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-psych-debuginfo-3.3.2-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm

noarch:  
ruby-default-gems-3.0.4-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
ruby-doc-3.0.4-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-abrt-0.4.0-1.module+el8.5.0+11580+845038eb.noarch.rpm  
rubygem-abrt-doc-0.4.0-1.module+el8.5.0+11580+845038eb.noarch.rpm  
rubygem-bundler-2.2.33-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-irb-1.3.5-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-minitest-5.14.2-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-mysql2-doc-0.5.3-1.module+el8.5.0+11580+845038eb.noarch.rpm  
rubygem-pg-doc-1.2.3-1.module+el8.5.0+11580+845038eb.noarch.rpm  
rubygem-power_assert-1.2.0-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-rake-13.0.3-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-rbs-1.4.0-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-rdoc-6.3.3-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-rexml-3.2.5-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-rss-0.2.9-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-test-unit-3.3.7-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-typeprof-0.15.2-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygems-3.2.33-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygems-devel-3.2.33-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm

ppc64le:  
ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
ruby-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
ruby-debugsource-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
ruby-devel-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
ruby-libs-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
ruby-libs-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-bigdecimal-3.0.0-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-bigdecimal-debuginfo-3.0.0-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-io-console-0.5.7-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-io-console-debuginfo-0.5.7-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-json-2.5.1-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-json-debuginfo-2.5.1-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-mysql2-0.5.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm  
rubygem-mysql2-debuginfo-0.5.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm  
rubygem-mysql2-debugsource-0.5.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm  
rubygem-pg-1.2.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm  
rubygem-pg-debuginfo-1.2.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm  
rubygem-pg-debugsource-1.2.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm  
rubygem-psych-3.3.2-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-psych-debuginfo-3.3.2-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm

s390x:  
ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
ruby-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
ruby-debugsource-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
ruby-devel-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
ruby-libs-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
ruby-libs-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-bigdecimal-3.0.0-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-bigdecimal-debuginfo-3.0.0-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-io-console-0.5.7-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-io-console-debuginfo-0.5.7-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-json-2.5.1-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-json-debuginfo-2.5.1-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-mysql2-0.5.3-1.module+el8.5.0+11580+845038eb.s390x.rpm  
rubygem-mysql2-debuginfo-0.5.3-1.module+el8.5.0+11580+845038eb.s390x.rpm  
rubygem-mysql2-debugsource-0.5.3-1.module+el8.5.0+11580+845038eb.s390x.rpm  
rubygem-pg-1.2.3-1.module+el8.5.0+11580+845038eb.s390x.rpm  
rubygem-pg-debuginfo-1.2.3-1.module+el8.5.0+11580+845038eb.s390x.rpm  
rubygem-pg-debugsource-1.2.3-1.module+el8.5.0+11580+845038eb.s390x.rpm  
rubygem-psych-3.3.2-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-psych-debuginfo-3.3.2-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm

x86_64:  
ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
ruby-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
ruby-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
ruby-debugsource-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
ruby-debugsource-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
ruby-devel-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
ruby-devel-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
ruby-libs-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
ruby-libs-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
ruby-libs-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
ruby-libs-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-bigdecimal-3.0.0-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-bigdecimal-3.0.0-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-bigdecimal-debuginfo-3.0.0-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-bigdecimal-debuginfo-3.0.0-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-io-console-0.5.7-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-io-console-0.5.7-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-io-console-debuginfo-0.5.7-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-io-console-debuginfo-0.5.7-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-json-2.5.1-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-json-2.5.1-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-json-debuginfo-2.5.1-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-json-debuginfo-2.5.1-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-mysql2-0.5.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm  
rubygem-mysql2-debuginfo-0.5.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm  
rubygem-mysql2-debugsource-0.5.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm  
rubygem-pg-1.2.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm  
rubygem-pg-debuginfo-1.2.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm  
rubygem-pg-debugsource-1.2.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm  
rubygem-psych-3.3.2-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-psych-3.3.2-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-psych-debuginfo-3.3.2-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-psych-debuginfo-3.3.2-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-41817  
https://access.redhat.com/security/cve/CVE-2021-41819  
https://access.redhat.com/security/cve/CVE-2022-28738  
https://access.redhat.com/security/cve/CVE-2022-28739  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCB39zjgjWX9erEAQhxWw/+KSmwOTYjC11C1DDOcN3gyX3jVPdq04pL  
SEeobwoattaVo7kvVHRMFncpWiqrGY4j2V7vEFUh0ejKF8PxSVBYwxB+NfNmD2V3  
l8XEaFGq0/l8GHBFEc2IqAP4wmXhECxE3nI2eaOBm0FYlQIHnw9vmvck0uxelZQ5  
MoNLPMmq5X3tD6E8bbJvg0JbkemcQF8Q6tfKlAHIsvsc4cthCNcTPa8gyN1uXH+0  
pEG5MMxRC+06lTStqQVKbbyVSDmHoaQBjXhNo9NROlgkvqwLAhrWZzDMLs/4d7fS  
3Cy/p80vWpVg56M3oPIY4OMfMgNwrLwfLqCJWFA0IcdYhffClzorMiCs85MteWQA  
zYZoaKFOf0m38TD1yTOtjcXoHrtbLfXsnQFu5R08SyBCj7ppI1IUE8rCHvNtDnCp  
CQke/GAHoNeFBppAsfseDkOndutSipImmygGhX05QI5gvRC3/Cz/nAvZX9TpNia5  
SlVsO8w9XJIvtbcLjOkHBjFuGpZ71bHNBOqveRkfuE6q3W6TXKpqhTlkipdrb41L  
6nuJKNm89/Hi++5RKmv6YJRDfLr86K9StCBtrvEqgV9XTt6ppwEI/0uzbVFhPtVi  
i1dh8XruZEtAMUqUToc3jj4gGZgn9deXfNgZxp1phVMjKq1CRpG965xCM3yE9iPV  
4jmxeiFCqp0=  
=YJLI  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6450-01

Red Hat Security Advisory 2022-6457-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: python3 security update  
Advisory ID:       RHSA-2022:6457-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6457  
Issue date:        2022-09-13  
CVE Names:         CVE-2015-20107 CVE-2022-0391   
=====================================================================

1. Summary:

An update for python3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming  
language, which includes modules, classes, exceptions, very high level  
dynamic data types and dynamic typing. Python supports interfaces to many  
system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python(mailcap): findmatch() function does not sanitise the second  
argument (CVE-2015-20107)

* python: urllib.parse does not sanitize URLs containing ASCII newline and  
tabs (CVE-2022-0391)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2047376 - CVE-2022-0391 python: urllib.parse does not sanitize URLs containing ASCII newline and tabs  
2075390 - CVE-2015-20107 python(mailcap): findmatch() function does not sanitise the second argument

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:  
platform-python-debug-3.6.8-47.el8_6.aarch64.rpm  
platform-python-devel-3.6.8-47.el8_6.aarch64.rpm  
python3-debuginfo-3.6.8-47.el8_6.aarch64.rpm  
python3-debugsource-3.6.8-47.el8_6.aarch64.rpm  
python3-idle-3.6.8-47.el8_6.aarch64.rpm  
python3-tkinter-3.6.8-47.el8_6.aarch64.rpm

ppc64le:  
platform-python-debug-3.6.8-47.el8_6.ppc64le.rpm  
platform-python-devel-3.6.8-47.el8_6.ppc64le.rpm  
python3-debuginfo-3.6.8-47.el8_6.ppc64le.rpm  
python3-debugsource-3.6.8-47.el8_6.ppc64le.rpm  
python3-idle-3.6.8-47.el8_6.ppc64le.rpm  
python3-tkinter-3.6.8-47.el8_6.ppc64le.rpm

s390x:  
platform-python-debug-3.6.8-47.el8_6.s390x.rpm  
platform-python-devel-3.6.8-47.el8_6.s390x.rpm  
python3-debuginfo-3.6.8-47.el8_6.s390x.rpm  
python3-debugsource-3.6.8-47.el8_6.s390x.rpm  
python3-idle-3.6.8-47.el8_6.s390x.rpm  
python3-tkinter-3.6.8-47.el8_6.s390x.rpm

x86_64:  
platform-python-3.6.8-47.el8_6.i686.rpm  
platform-python-debug-3.6.8-47.el8_6.i686.rpm  
platform-python-debug-3.6.8-47.el8_6.x86_64.rpm  
platform-python-devel-3.6.8-47.el8_6.i686.rpm  
platform-python-devel-3.6.8-47.el8_6.x86_64.rpm  
python3-debuginfo-3.6.8-47.el8_6.i686.rpm  
python3-debuginfo-3.6.8-47.el8_6.x86_64.rpm  
python3-debugsource-3.6.8-47.el8_6.i686.rpm  
python3-debugsource-3.6.8-47.el8_6.x86_64.rpm  
python3-idle-3.6.8-47.el8_6.i686.rpm  
python3-idle-3.6.8-47.el8_6.x86_64.rpm  
python3-test-3.6.8-47.el8_6.i686.rpm  
python3-tkinter-3.6.8-47.el8_6.i686.rpm  
python3-tkinter-3.6.8-47.el8_6.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
python3-3.6.8-47.el8_6.src.rpm

aarch64:  
platform-python-3.6.8-47.el8_6.aarch64.rpm  
python3-debuginfo-3.6.8-47.el8_6.aarch64.rpm  
python3-debugsource-3.6.8-47.el8_6.aarch64.rpm  
python3-libs-3.6.8-47.el8_6.aarch64.rpm  
python3-test-3.6.8-47.el8_6.aarch64.rpm

ppc64le:  
platform-python-3.6.8-47.el8_6.ppc64le.rpm  
python3-debuginfo-3.6.8-47.el8_6.ppc64le.rpm  
python3-debugsource-3.6.8-47.el8_6.ppc64le.rpm  
python3-libs-3.6.8-47.el8_6.ppc64le.rpm  
python3-test-3.6.8-47.el8_6.ppc64le.rpm

s390x:  
platform-python-3.6.8-47.el8_6.s390x.rpm  
python3-debuginfo-3.6.8-47.el8_6.s390x.rpm  
python3-debugsource-3.6.8-47.el8_6.s390x.rpm  
python3-libs-3.6.8-47.el8_6.s390x.rpm  
python3-test-3.6.8-47.el8_6.s390x.rpm

x86_64:  
platform-python-3.6.8-47.el8_6.x86_64.rpm  
python3-debuginfo-3.6.8-47.el8_6.i686.rpm  
python3-debuginfo-3.6.8-47.el8_6.x86_64.rpm  
python3-debugsource-3.6.8-47.el8_6.i686.rpm  
python3-debugsource-3.6.8-47.el8_6.x86_64.rpm  
python3-libs-3.6.8-47.el8_6.i686.rpm  
python3-libs-3.6.8-47.el8_6.x86_64.rpm  
python3-test-3.6.8-47.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-20107  
https://access.redhat.com/security/cve/CVE-2022-0391  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCB2dzjgjWX9erEAQiWxxAAlWeTdVBVug0zEnEMtfv2MLICwPpP0Bfq  
fxU516CJG+wHVGuSglzEaYS/vTXHzUTDzCFLqayDImBgUTJavmK8oua7Ih7/sgc+  
zziu8+it5NBGvQRu9Tz23TSteE97AD2UeOKmBBU9SXkXmn6sJEfU899Q8dL+6xKT  
pnzRxc/eaOP85EwRRHUVegS10A3FD+kFbDMHc59GnEnQcRwSK50EGnj+Gauh3AL1  
dVXKfsplBm/wG/CR/3Ytv0yMoPdA+r9+inizhgCeYmc2DsyTGPPtZfkIiqEju4Hq  
ZB4ywxBUR3lp1o9Y1ZDfiA0iGqOiGn/SbjYXYoHNTQVMXDGwdThdzhiegGOa0iEj  
u7/SIH+trMmdbgnR9FpDQO7cjtn0PFykjb2uNHyssA24qvuFVKDsvqibpboEyYVM  
41B5zYvJsei9P4f4QR8Ep9mrScKBwvQ0Bdc8fC0pUhcRe24g8gxZEnh/ReYOOCnv  
qL1xlgUePljUjhvH3N0WuQTS+Hd0cVdtxDzMlAvjWccioNWF4byvi7HuXnePfsof  
3nd604G0SipeKa8WKXuoTk0xsd9r3/9Fjv45VjGdSGWabO3CF5lQfcca8gEf9chv  
2PJTZvaFldJQ1tv+mm7U4KzwUn3J7k4/p+aR1jDVbyXbDU9OGRtMD66r5SIufM4n  
qechXtE5LLM=  
=guoV  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6457-01

Red Hat Security Advisory 2022-6460-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:6460-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6460  
Issue date:        2022-09-13  
CVE Names:         CVE-2022-21123 CVE-2022-21125 CVE-2022-21166   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* Incomplete cleanup of multi-core shared buffers (aka SBDR)  
(CVE-2022-21123)

* Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
(CVE-2022-21125)

* Incomplete cleanup in specific special register write operations (aka  
DRPW) (CVE-2022-21166)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Bad page state in process qemu-kvm  pfn:68a74600 (BZ#2081013)

* slub corruption during  LPM of hnv interface (BZ#2081250)

* Affinity broken due to vector space exhaustion (BZ#2084646)

* 'rmmod pmt_telemetry' panics on ADL-P IOTG (BZ#2091079)

* Unable to boot RHEL-8.6 on Brazos max. config (Install is success)  
(BZ#2092241)

* kernel crash after reboot of T14/G2 AMD laptop (mt7921e module)  
(BZ#2095654)

* mt7921: free resources on pci_probe error path (BZ#2101684)

* NLM should be more defensive if underlying FS changes fl_owner  
(BZ#2102099)

* RHEL8/async-pf Guest call trace when reboot after postcopy migration with  
high stress workload (BZ#2105340)

* execve exit tracepoint not called (BZ#2106662)

* QProcess dead lock on kernel-4.18.0-358 (BZ#2107643)

* KVM fix guest FPU uABI size to kvm_xsave (BZ#2107652)

* KVM selftests fail to compile (BZ#2107655)

* Some monitor have no display with AMD W6400 when boot into OS.  
(BZ#2109826)

* Percpu counter usage is gradually getting increasing during podman  
container recreation. (BZ#2110039)

* multipath failed to recover after EEH hit on flavafish adapter on  
Denali(qla2xxx/flavafish/RHEL8.6/Denali) (BZ#2110768)

* soft lockups under heavy I/O load to ahci connected SSDs (BZ#2110772)

* trouble re-assigning MACs to VFs, ice stricter than other drivers  
(BZ#2111936)

* Intel MPI 2019.0 - mpirun stuck on latest kernel (BZ#2112030)

* Multicast packets are not received by all VFs on the same port even  
though they have the same VLAN (BZ#2117026)

* Hyper-V 2019 Dynamic Memory Problem hv_balloon (BZ#2117050)

* kernel BUG at kernel/sched/deadline.c:1561! (BZ#2117410)

* ALSA (sound) driver - update Intel SOF kcontrol code (BZ#2117732)

* bridge over bond over ice ports has no connection (BZ#2118580)

* Fix max VLANs available for VF (BZ#2118581)

* offline selftest failed (BZ#2118582)

* INTEL NVMUpdate utility ver 3.20 is failing to update firmware on  
E810-XXVDA4T (WPC) (BZ#2118583)

* VM configured with failover interface will coredump after been migrating  
from source host to target host(only iavf driver) (BZ#2118705)

* Fix max VLANs available for untrusted VF (BZ#2118707)

* Softlockup on infinite loop in task_get_css() for a CSS_DYING cpuset  
(BZ#2120776)

Enhancement(s):

* KVM Sapphire Rapids (SPR) AMX Instructions (BZ#2088287)

* KVM Sapphire Rapids (SPR) AMX Instructions part2 (BZ#2088288)

* ice: Driver Update (BZ#2102359)

* iavf: Driver Update (BZ#2102360)

* iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (BZ#2112983)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)  
2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kernel-4.18.0-372.26.1.el8_6.src.rpm

aarch64:  
bpftool-4.18.0-372.26.1.el8_6.aarch64.rpm  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-core-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-cross-headers-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-core-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-devel-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-modules-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-devel-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-headers-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-modules-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-tools-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-tools-libs-4.18.0-372.26.1.el8_6.aarch64.rpm  
perf-4.18.0-372.26.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
python3-perf-4.18.0-372.26.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-372.26.1.el8_6.noarch.rpm  
kernel-doc-4.18.0-372.26.1.el8_6.noarch.rpm

ppc64le:  
bpftool-4.18.0-372.26.1.el8_6.ppc64le.rpm  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-core-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-cross-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-core-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-tools-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-tools-libs-4.18.0-372.26.1.el8_6.ppc64le.rpm  
perf-4.18.0-372.26.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
python3-perf-4.18.0-372.26.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm

s390x:  
bpftool-4.18.0-372.26.1.el8_6.s390x.rpm  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-core-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-cross-headers-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-core-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-devel-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-modules-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-devel-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-headers-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-modules-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-tools-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-core-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm  
perf-4.18.0-372.26.1.el8_6.s390x.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
python3-perf-4.18.0-372.26.1.el8_6.s390x.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm

x86_64:  
bpftool-4.18.0-372.26.1.el8_6.x86_64.rpm  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-core-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-cross-headers-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-core-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-devel-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-modules-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-devel-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-headers-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-modules-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-tools-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-tools-libs-4.18.0-372.26.1.el8_6.x86_64.rpm  
perf-4.18.0-372.26.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
python3-perf-4.18.0-372.26.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21123  
https://access.redhat.com/security/cve/CVE-2022-21125  
https://access.redhat.com/security/cve/CVE-2022-21166  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCB1NzjgjWX9erEAQjx1g/+KpIc2rESQgtzICCW50Ha+ZjaOZiuIgGV  
1wDzgsyj7JRxGOIhGY3edJp7sdtoT0+CoWTdjENZrNhQlQ9UhRSpJ+8vdGy5WooO  
fwwKBffteRMEl8YTO/U8fstclEKXK3MB93ZxEHgS0L3UQY/AUU5XqSzB4a4rV9RJ  
DpFQcnw3dHIrtMKHs4HMrm8+Q8ezq9UmVbl472ecnfmNXfHDhOmUGGlUrT22SX9p  
Zn/UXCiWZxIt+Vh2uTrIgs4hiSJPAqD/lGHjLQpaR26uciZnndLui2s4W91F7yN4  
ZifRDwrSAMtsRoln7Z8HL6H59tw4vHwAY1rD5ATwk9EqhRtaetE+v0hzM+BRBhri  
dpZnKUhMiUDNTUKqmpbBZjh4IuSKI6AkaQenFnMQWTp027B6o0EjhqpiEdLaA0R/  
pYewm2OKbulyoUeVhC5GOMX6g8ckGa5h2o4Fr+fkaptELQN1VniYEu88O7pRqaqR  
lW3MrcYIEowDxyiMLehgtIxjyawzfmi0fficXzCf8xEXm8fmqlrXu4lfhKV4g3WI  
Y9j8INFYc4inopUBsQM1zXWV00nCDxAvaYPhOYI0VjO11jxOCOcBheOlwS1sseOv  
Bjram7oqf2DuVSINeTAgbHMLMA4AGEcNMsOAN/mwdq6ZBpEYmCf48pvZwQscW7qv  
a685GRAjoyY=  
=4AwP  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6460-01

Red Hat Security Advisory 2022-6463-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Issues addressed include a spoofing vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: gnupg2 security update  
Advisory ID:       RHSA-2022:6463-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6463  
Issue date:        2022-09-13  
CVE Names:         CVE-2022-34903   
=====================================================================

1. Summary:

An update for gnupg2 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and  
creating digital signatures, compliant with OpenPGP and S/MIME standards.

Security Fix(es):

* gpg: Signature spoofing via status line injection (CVE-2022-34903)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2102868 - CVE-2022-34903 gpg: Signature spoofing via status line injection

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
gnupg2-2.2.20-3.el8_6.src.rpm

aarch64:  
gnupg2-2.2.20-3.el8_6.aarch64.rpm  
gnupg2-debuginfo-2.2.20-3.el8_6.aarch64.rpm  
gnupg2-debugsource-2.2.20-3.el8_6.aarch64.rpm  
gnupg2-smime-2.2.20-3.el8_6.aarch64.rpm  
gnupg2-smime-debuginfo-2.2.20-3.el8_6.aarch64.rpm

ppc64le:  
gnupg2-2.2.20-3.el8_6.ppc64le.rpm  
gnupg2-debuginfo-2.2.20-3.el8_6.ppc64le.rpm  
gnupg2-debugsource-2.2.20-3.el8_6.ppc64le.rpm  
gnupg2-smime-2.2.20-3.el8_6.ppc64le.rpm  
gnupg2-smime-debuginfo-2.2.20-3.el8_6.ppc64le.rpm

s390x:  
gnupg2-2.2.20-3.el8_6.s390x.rpm  
gnupg2-debuginfo-2.2.20-3.el8_6.s390x.rpm  
gnupg2-debugsource-2.2.20-3.el8_6.s390x.rpm  
gnupg2-smime-2.2.20-3.el8_6.s390x.rpm  
gnupg2-smime-debuginfo-2.2.20-3.el8_6.s390x.rpm

x86_64:  
gnupg2-2.2.20-3.el8_6.x86_64.rpm  
gnupg2-debuginfo-2.2.20-3.el8_6.x86_64.rpm  
gnupg2-debugsource-2.2.20-3.el8_6.x86_64.rpm  
gnupg2-smime-2.2.20-3.el8_6.x86_64.rpm  
gnupg2-smime-debuginfo-2.2.20-3.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-34903  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCBytzjgjWX9erEAQhBhg/+KSNEvBY3M8glyU/at+t3haHSa0Ap6wtb  
y51Ua4fZ6rpA02TISCldKooeCOwvi5i66hwBT3ConquMSGm2RnKGOsifz7eWpl04  
C+VcLu2R7w+egdw+smnzJmt4g/0SqIRFn/OTC8bIgM1bx4CzpZRqjlkWSUqiR6/T  
8vf5yTClfwRc52Nt2lK1LNxX93AdPhI6rg9D9TgVt1nzshLDbRxIhoIgBKQyoeav  
YA0s8wtivise5QMH+occGIDBKk/fiiV/43dDRTnVpsrN7TzMOOMo2/9nSI7tdio4  
+dNhuu41Ls0bi2kNNPa6IWePrs0lcscwp2IXY04y+XZH0seucWzsEYh7JbSUfvCQ  
tLjuRrWRtiSI3rc3G1FgRb56zqcikeareekYB7pOixxbjJM0JEoCe89w8ELA5S0R  
7oW4EmMSgw9Xc7ytddqmK6aqit7JL3RZpSEAe2nY27+XsyVp8/P58mFz7/9cH0tF  
AdQFJfEMfHaWncTaY8m1LNS+03F72bsfZHwURuyKWOrwZa5CoM7pD20MSZuDNhJF  
TzJ/ZCJvyGkIiyLFl7tLWKLoXgsLi2iuyWKwP3QgCsoBYdx963BV5UVeslZjCvOp  
sWebkDhq5HJ9x4UKTkyT8RsI/q4BOFPflu4PwlGJEMQf1q7tMr0OZFKoD+Ku3JcH  
gnZufTP+0IE=  
=AKN0  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6463-01

Red Hat Security Advisory 2022-6432-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2022:6432-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6432  
Issue date:        2022-09-13  
CVE Names:         CVE-2022-1729   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.6  
Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update  
Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64  
Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64  
Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64  
Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: race condition in perf_event_open leads to privilege escalation  
(CVE-2022-1729)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Posix ACL object is leaked in several places upon setattr and fsetxattr  
syscalls (BZ#2106587)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2086753 - CVE-2022-1729 kernel: race condition in perf_event_open leads to privilege escalation

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.6):

Source:  
kernel-3.10.0-957.97.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-957.97.1.el7.noarch.rpm  
kernel-doc-3.10.0-957.97.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-devel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-headers-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-957.97.1.el7.x86_64.rpm  
perf-3.10.0-957.97.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.6):

Source:  
kernel-3.10.0-957.97.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-957.97.1.el7.noarch.rpm  
kernel-doc-3.10.0-957.97.1.el7.noarch.rpm

ppc64le:  
kernel-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-bootwrapper-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-debug-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-devel-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-headers-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-tools-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-tools-libs-3.10.0-957.97.1.el7.ppc64le.rpm  
perf-3.10.0-957.97.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
python-perf-3.10.0-957.97.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm

x86_64:  
kernel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-devel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-headers-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-957.97.1.el7.x86_64.rpm  
perf-3.10.0-957.97.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.6):

Source:  
kernel-3.10.0-957.97.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-957.97.1.el7.noarch.rpm  
kernel-doc-3.10.0-957.97.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-devel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-headers-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-957.97.1.el7.x86_64.rpm  
perf-3.10.0-957.97.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.6):

x86_64:  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-957.97.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.6):

ppc64le:  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-debug-devel-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-tools-libs-devel-3.10.0-957.97.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm

x86_64:  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-957.97.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.6):

x86_64:  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-957.97.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1729  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCBxdzjgjWX9erEAQhKxA/9Hw1hyZk5zX6OsPzqT/n32YbvIfWh/RWC  
fCC7NzSsHPDZNyDnStFsU4TmbJOiJv33dW2vnUFNJeBBPfjMJLNi+qW8Ahbfb7oq  
njo8hr/JzaNHrWUlQwOC+Y5GMDdzfBb0Dj5eNVSze+3/jzoKEeeQs63I3F5wpKzg  
xNRPcnqWm32nN6xAE+6Tt7S73OZVkec+T9Qhl50jDIIYLe50wph1Hb5Ipg07u+k3  
h+OiwdZH+MHyMMNWAONnaik/7sr+5/sZINufl3SDdATs1PA5kCtcdseXRarKYhh6  
Uw+LZMNNdwX7m/zy1Aq+XI9sK+UZcTE0Er/YPB5huhoMqJjDq2IDiUDypYN6LALH  
5Q+lCK31zVt51qM4PGsic/t2yZPb3NbOhuVZwMLnTycdMtiEbvhc1TUbQW4f+8f5  
9f4ynSGsmN+okW8pTIc75MCP6p9fv7i/LknmBeKFpj78gBnJ+CyeH29n1mV0+qgI  
e+tfx7nO0zPbMw4n5FlQ3wiHWnayg2kk3Uc11wGH7E7D/f5BAyzrtEa7W0W6K3g/  
MZUidAcIqa3PIkrcbYqk+LEV83X0L9z12F8DSrJKQScY4Mi3pwXOebBquQ99GKAi  
pjq3CmNUJQSOFP7Mj9bOrKjeXJIOVbcKHRIk+EgcRPoOMBRgZiR6yvMzspj0Akd2  
utx/DwGeYqU=  
=mygj  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux