A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

\[<prev\] \[next>\] \[thread-next>\] \[day\] \[month\] \[year\] \[list\]

Date: Fri, 20 May 2022 22:14:36 +0200
From: Norbert Slusarek <nslusarek@....net>
To: oss-security@...ts.openwall.com
Cc: peterz@...radead.org
Subject: CVE-2022-1729: race condition in Linux perf subsystem leads to
 local privilege escalation

Hello,

this is an announcement for a recently reported vulnerability (CVE-2022-1729) in the perf subsystem
of the Linux kernel. The issue is a race condition which was proven to allow for a local privilege
escalation to root on current kernel version >= 5.4.193, but the bug seems to exist since kernel
version 4.0-rc1 (patch fixes the commit to this version).
Fortunately, major Linux distributions often restrict the use of perf for unprivileged users by
setting the sysctl variable kernel.perf\_event\_paranoid >= 3, effectively rendering the
vulnerability harmless.

The patch can be found at
https://lkml.kernel.org/r/20220520183806.GV2578@worktop.programming.kicks-ass.net

Details
-------

The following syscall order triggers the bug:

1) fd0 = perf\_event\_open, type PERF\_TYPE\_TRACEPOINT is created.

Called simultaneously:

2) thread 1: fd1 = perf\_event\_open, type PERF\_TYPE\_HARDWARE, group leader fd0
3) thread 2: fd2 = perf\_event\_open, type PERF\_TYPE\_SOFTWARE, group leader fd0

4) thread 1: fd1 is of type PERF\_TYPE\_HARDWARE, and the group leader is of
	type PERF\_TYPE\_TRACEPOINT. Because fd1 is a hardware event in a software event group,
	the whole group is required to move to a hardware context, so move\_group is set to 1.

5) thread 1: fd1 takes the context lock.

6) thread 2: fd2 is of type PERF\_TYPE\_SOFTWARE, so no group migration is needed and
	move\_group is set to 0. This thread \*waits\* at the lock while it's held by fd1.

7) thread 1: all siblings of fd1 and the group leader fd0 are moved from
	the current software context to a new hardware context.

8) thread 1: creation of fd1 is finished and the lock released.

9) thread 2: fd2 acquires the lock, and it is still attached to the old software context,
	even though its group leader fd0 is attached to the new hardware context.

The following sequence of event closes leaves a dangling pointer in the hardware context:

1) close fd0
2) close fd1
	All of its siblings (fd2 in this case) are attached to a new context.
	Now, fd2 is in two contexts at the same time.
3) close fd2
	The event is removed from its old software context and freed, but a dangling pointer still persists
	in the newer context. For instance, merge\_sched\_in() can access this freed event when scheduling
	in events for the hardware context, leading to a use-after-free.


Regards,
Norbert

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.

CVE-2022-1729: security - CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.

'2116927?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-2739: Invalid Bug ID

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.

**Red Hat Product Security Center**

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

CVE-2022-2738: Red Hat Customer Portal - Access to 24x7 support and knowledge

An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.

CVE-2022-3078

Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error.

CVE-2022-3061

A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().

CVE-2020-27784

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.

**Details**

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

**CVE ID**

**Description**

**Base Score**

**Vector**

CVE‑2022‑28199

NVIDIA’s distribution of the Data Plane Development Kit (MLNX\_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.

6.5

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

**Security Updates**

The following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.

**CVE IDs Addressed**

**Software Product**

**Operating System**

**Affected Versions**

**Updated Version**

CVE‑2022‑28199

MLNX\_DPDK

Linux,Windows

mlnx\_dpdk\_19.11\_1.\*.\* through mlnx\_dpdk\_20.11\_1.0.0-4.\*.\*

mlnx\_dpdk\_20.11\_5.0.0

**Get the Most Up to Date Product Security Information**

Visit the NVIDIA Product Security page to

*   Subscribe to security bulletin notifications
*   See the current list of NVIDIA security bulletins
*   Report a potential security issue in any NVIDIA supported product
*   Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT)

**Revision History**

  

**Revision**

**Date**

**Description**

1.0

August 29, 2022

Initial release

**Support**

If you have any questions about this security bulletin, contact NVIDIA Support.

**Disclaimer**

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information is believed to be accurate and reliable at the time it is furnished. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.

CVE-2022-28199: Security Bulletin: NVIDIA Data Plane Development Kit (MLNX_DPDK) - August 2022

Red Hat Security Advisory 2022-6306-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: rh-mariadb103-galera and rh-mariadb103-mariadb security and bug fix update  
Advisory ID:       RHSA-2022:6306-01  
Product:           Red Hat Software Collections  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6306  
Issue date:        2022-09-01  
CVE Names:         CVE-2021-46659 CVE-2021-46661 CVE-2021-46663  
                   CVE-2021-46664 CVE-2021-46665 CVE-2021-46668  
                   CVE-2021-46669 CVE-2022-21427 CVE-2022-24048  
                   CVE-2022-24050 CVE-2022-24051 CVE-2022-24052  
                   CVE-2022-27376 CVE-2022-27377 CVE-2022-27378  
                   CVE-2022-27379 CVE-2022-27380 CVE-2022-27381  
                   CVE-2022-27383 CVE-2022-27384 CVE-2022-27386  
                   CVE-2022-27387 CVE-2022-27445 CVE-2022-27447  
                   CVE-2022-27448 CVE-2022-27449 CVE-2022-27452  
                   CVE-2022-27456 CVE-2022-27458 CVE-2022-31622  
                   CVE-2022-31623 CVE-2022-32083 CVE-2022-32085  
                   CVE-2022-32087 CVE-2022-32088  
====================================================================  
1. Summary:

An update for rh-mariadb103-galera and rh-mariadb103-mariadb is now  
available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64  
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server. For all  
practical purposes, MariaDB is binary-compatible with MySQL.

The following packages have been upgraded to a later upstream version:  
rh-mariadb103-galera (25.3.35), rh-mariadb103-mariadb (10.3.35).

Security Fix(es):

* mariadb: MariaDB through 10.5.9 allows attackers to trigger a  
convert_const_to_int use-after-free when the BIGINT data type is used  
(CVE-2021-46669)

* mysql: Server: FTS unspecified vulnerability (CPU Apr 2022)  
(CVE-2022-21427)

* mariadb: lack of proper validation of the length of user-supplied data  
prior to copying it to a fixed-length stack-based buffer (CVE-2022-24048)

* mariadb: lack of validating the existence of an object prior to  
performing operations on the object (CVE-2022-24050)

* mariadb: lack of proper validation of a user-supplied string before using  
it as a format specifier (CVE-2022-24051)

* mariadb: CONNECT storage engine heap-based buffer overflow  
(CVE-2022-24052)

* mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376)

* mariadb: use-after-poison when complex conversion is involved in blob  
(CVE-2022-27377)

* mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378)

* mariadb: server crash in component arg_comparator::compare_real_fixed  
(CVE-2022-27379)

* mariadb: server crash at my_decimal::operator= (CVE-2022-27380)

* mariadb: server crash at Field::set_default via specially crafted SQL  
statements (CVE-2022-27381)

* mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c  
(CVE-2022-27383)

* mariadb: crash via component Item_subselect::init_expr_cache_tracker  
(CVE-2022-27384)

* mariadb: server crashes in query_arena::set_query_arena upon SELECT from  
view (CVE-2022-27386)

* mariadb: assertion failures in decimal_bin_size (CVE-2022-27387)

* mariadb: assertion failure in compare_order_elements (CVE-2022-27445)

* mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447)

* mariadb: crash in multi-update and implicit grouping (CVE-2022-27448)

* mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449)

* mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452)

* mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc  
(CVE-2022-27456)

* mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27458)

* mariadb: improper locking due to the unreleased lock in  
extra/mariabackup/ds_compress.cc (CVE-2022-31622)

* mariadb: improper locking due to the unreleased lock in  
extra/mariabackup/ds_compress.cc (CVE-2022-31623)

* mariadb: server crash at Item_subselect::init_expr_cache_tracker  
(CVE-2022-32083)

* mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor  
(CVE-2022-32085)

* mariadb: server crash in Item_args::walk_args (CVE-2022-32087)

* mariadb: segmentation fault in  
Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort  
(CVE-2022-32088)

* mariadb: Crash executing query with VIEW, aggregate and subquery  
(CVE-2021-46659)

* mariadb: MariaDB allows an application crash in find_field_in_tables and  
find_order_in_list via an unused common table expression (CTE)  
(CVE-2021-46661)

* mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application  
crash via certain SELECT statements (CVE-2021-46663)

* mariadb: MariaDB through 10.5.9 allows an application crash in  
sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664)

* mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash  
because of incorrect used_tables expectations (CVE-2021-46665)

* mariadb: MariaDB through 10.5.9 allows an application crash via certain  
long SELECT DISTINCT statements (CVE-2021-46668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [Tracker] Rebase to Galera 25.3.35 for MariaDB-10.3 (BZ#2107054)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be  
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2049302 - CVE-2021-46659 mariadb: Crash executing query with VIEW, aggregate and subquery  
2050017 - CVE-2021-46661 mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)  
2050022 - CVE-2021-46663 mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements  
2050024 - CVE-2021-46664 mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr  
2050026 - CVE-2021-46665 mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations  
2050032 - CVE-2021-46668 mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements  
2050034 - CVE-2021-46669 mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used  
2068211 - CVE-2022-24052 mariadb: CONNECT storage engine heap-based buffer overflow  
2068233 - CVE-2022-24051 mariadb: lack of proper validation of a user-supplied string before using it as a format specifier  
2068234 - CVE-2022-24048 mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer  
2069833 - CVE-2022-24050 mariadb: lack of validating the existence of an object prior to performing operations on the object  
2074817 - CVE-2022-27376 mariadb: assertion failure in Item_args::walk_arg  
2074947 - CVE-2022-27377 mariadb: use-after-poison when complex conversion is involved in blob  
2074949 - CVE-2022-27378 mariadb: server crash in create_tmp_table::finalize  
2074951 - CVE-2022-27379 mariadb: server crash in component arg_comparator::compare_real_fixed  
2074966 - CVE-2022-27380 mariadb: server crash at my_decimal::operator2074981 - CVE-2022-27381 mariadb: server crash at Field::set_default via specially crafted SQL statements  
2074996 - CVE-2022-27383 mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c  
2074999 - CVE-2022-27384 mariadb: crash via component Item_subselect::init_expr_cache_tracker  
2075005 - CVE-2022-27386 mariadb: server crashes in query_arena::set_query_arena upon SELECT from view  
2075006 - CVE-2022-27387 mariadb: assertion failures in decimal_bin_size  
2075691 - CVE-2022-27445 mariadb: assertion failure in compare_order_elements  
2075693 - CVE-2022-27447 mariadb: use-after-poison in Binary_string::free_buffer  
2075694 - CVE-2022-27448 mariadb: crash in multi-update and implicit grouping  
2075695 - CVE-2022-27449 mariadb: assertion failure in sql/item_func.cc  
2075697 - CVE-2022-27456 mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc  
2075700 - CVE-2022-27458 mariadb: use-after-poison in Binary_string::free_buffer  
2076145 - CVE-2022-27452 mariadb: assertion failure in sql/item_cmpfunc.cc  
2082644 - CVE-2022-21427 mysql: Server: FTS unspecified vulnerability (CPU Apr 2022)  
2092354 - CVE-2022-31622 mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc  
2092360 - CVE-2022-31623 mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc  
2104425 - CVE-2022-32083 mariadb: server crash at Item_subselect::init_expr_cache_tracker  
2104431 - CVE-2022-32085 mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor  
2104434 - CVE-2022-32087 mariadb: server crash in Item_args::walk_args  
2106008 - CVE-2022-32088 mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:  
rh-mariadb103-galera-25.3.35-1.el7.src.rpm  
rh-mariadb103-mariadb-10.3.35-1.el7.src.rpm

ppc64le:  
rh-mariadb103-galera-25.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-galera-debuginfo-25.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-backup-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-backup-syspaths-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-common-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-config-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-config-syspaths-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-connect-engine-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-debuginfo-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-devel-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-errmsg-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-gssapi-server-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-oqgraph-engine-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-server-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-server-galera-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-server-galera-syspaths-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-server-syspaths-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-server-utils-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-server-utils-syspaths-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-syspaths-10.3.35-1.el7.ppc64le.rpm  
rh-mariadb103-mariadb-test-10.3.35-1.el7.ppc64le.rpm

s390x:  
rh-mariadb103-galera-25.3.35-1.el7.s390x.rpm  
rh-mariadb103-galera-debuginfo-25.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-backup-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-backup-syspaths-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-common-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-config-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-config-syspaths-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-connect-engine-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-debuginfo-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-devel-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-errmsg-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-gssapi-server-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-oqgraph-engine-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-server-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-server-galera-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-server-galera-syspaths-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-server-syspaths-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-server-utils-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-server-utils-syspaths-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-syspaths-10.3.35-1.el7.s390x.rpm  
rh-mariadb103-mariadb-test-10.3.35-1.el7.s390x.rpm

x86_64:  
rh-mariadb103-galera-25.3.35-1.el7.x86_64.rpm  
rh-mariadb103-galera-debuginfo-25.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-backup-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-backup-syspaths-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-common-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-config-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-config-syspaths-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-connect-engine-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-debuginfo-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-devel-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-errmsg-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-gssapi-server-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-oqgraph-engine-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-server-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-server-galera-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-server-galera-syspaths-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-server-syspaths-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-server-utils-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-server-utils-syspaths-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-syspaths-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-test-10.3.35-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:  
rh-mariadb103-galera-25.3.35-1.el7.src.rpm  
rh-mariadb103-mariadb-10.3.35-1.el7.src.rpm

x86_64:  
rh-mariadb103-galera-25.3.35-1.el7.x86_64.rpm  
rh-mariadb103-galera-debuginfo-25.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-backup-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-backup-syspaths-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-common-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-config-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-config-syspaths-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-connect-engine-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-debuginfo-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-devel-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-errmsg-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-gssapi-server-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-oqgraph-engine-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-server-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-server-galera-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-server-galera-syspaths-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-server-syspaths-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-server-utils-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-server-utils-syspaths-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-syspaths-10.3.35-1.el7.x86_64.rpm  
rh-mariadb103-mariadb-test-10.3.35-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-46659  
https://access.redhat.com/security/cve/CVE-2021-46661  
https://access.redhat.com/security/cve/CVE-2021-46663  
https://access.redhat.com/security/cve/CVE-2021-46664  
https://access.redhat.com/security/cve/CVE-2021-46665  
https://access.redhat.com/security/cve/CVE-2021-46668  
https://access.redhat.com/security/cve/CVE-2021-46669  
https://access.redhat.com/security/cve/CVE-2022-21427  
https://access.redhat.com/security/cve/CVE-2022-24048  
https://access.redhat.com/security/cve/CVE-2022-24050  
https://access.redhat.com/security/cve/CVE-2022-24051  
https://access.redhat.com/security/cve/CVE-2022-24052  
https://access.redhat.com/security/cve/CVE-2022-27376  
https://access.redhat.com/security/cve/CVE-2022-27377  
https://access.redhat.com/security/cve/CVE-2022-27378  
https://access.redhat.com/security/cve/CVE-2022-27379  
https://access.redhat.com/security/cve/CVE-2022-27380  
https://access.redhat.com/security/cve/CVE-2022-27381  
https://access.redhat.com/security/cve/CVE-2022-27383  
https://access.redhat.com/security/cve/CVE-2022-27384  
https://access.redhat.com/security/cve/CVE-2022-27386  
https://access.redhat.com/security/cve/CVE-2022-27387  
https://access.redhat.com/security/cve/CVE-2022-27445  
https://access.redhat.com/security/cve/CVE-2022-27447  
https://access.redhat.com/security/cve/CVE-2022-27448  
https://access.redhat.com/security/cve/CVE-2022-27449  
https://access.redhat.com/security/cve/CVE-2022-27452  
https://access.redhat.com/security/cve/CVE-2022-27456  
https://access.redhat.com/security/cve/CVE-2022-27458  
https://access.redhat.com/security/cve/CVE-2022-31622  
https://access.redhat.com/security/cve/CVE-2022-31623  
https://access.redhat.com/security/cve/CVE-2022-32083  
https://access.redhat.com/security/cve/CVE-2022-32085  
https://access.redhat.com/security/cve/CVE-2022-32087  
https://access.redhat.com/security/cve/CVE-2022-32088  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYxDdV9zjgjWX9erEAQifSA//aRBkVx5vWWSNWiR+bpq9ro9ZZgI9c1kZ  
CfYDwuybF1RIkEyfkEnDsc09/UzIAumlRqiAWYitb3novcS9G3+PhMI3tNK1lGXm  
wVEZ06kY69AxLcnHazQSh1smJlgOnA+jeBJA3qbCq9gc9d7jVQQTRmLjcQISW0Nc  
Jdg8klmApRdgwQKvFfINWojVwW5+XCYqzgPags5m4/jMSs+zC64l4iedHzdaK9ni  
UeTF41qPmeiwqKfLkaxa7TXXzYO8Nj8kveZj0F7j4ZnAums+FSVmHGNDWu42OKdk  
CDX4XviQt8ykGt/21WHyeFlvxtWkU2nuzPi4MP1/OF9rh5hgImgPXpY34JNjQ6Xu  
2k90YSbZAkk2knsnbAdaDDoHLAMma4CYfjZL54ll9XTD2VVPfGxTeng2NBCWf17U  
xDqCZTVt2GdrYclmX6CE65u6b6LmO6B+ALnRbB9fFC5bFhT/t+PU4MOGBIKK1238  
6vs07JOn+hkadH7Cy0RJukdcJ1IDz7/8BDXaUQNHzcn2I2cpde8luYX3SfXkQqnH  
N2exSc0lseD/J2gWBlxzZqjWyp6ly7byYELgByugXYuCuB2JJwQA0jPmKY5HHVxp  
vCmDOa7jvP81r/LfN0e0q0oM4UE9yThi1Y4mSiKW1TPpmzRwolejwkW0xUu4fQtW  
V6O5WEsw6KYékr  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6306-01

Red Hat Security Advisory 2022-6314-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a privilege escalation vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pcs security update  
Advisory ID:       RHSA-2022:6314-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6314  
Issue date:        2022-09-01  
CVE Names:         CVE-2022-2735  
====================================================================  
1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Resilient Storage (v. 8) - ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the  
Pacemaker and Corosync utilities.

Security Fix(es):

* pcs: obtaining an authentication token for hacluster user could lead to  
privilege escalation (CVE-2022-2735)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2116815 - CVE-2022-2735 pcs: obtaining an authentication token for hacluster user could lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux High Availability (v. 8):

Source:  
pcs-0.10.12-6.el8_6.2.src.rpm

aarch64:  
pcs-0.10.12-6.el8_6.2.aarch64.rpm  
pcs-snmp-0.10.12-6.el8_6.2.aarch64.rpm

ppc64le:  
pcs-0.10.12-6.el8_6.2.ppc64le.rpm  
pcs-snmp-0.10.12-6.el8_6.2.ppc64le.rpm

s390x:  
pcs-0.10.12-6.el8_6.2.s390x.rpm  
pcs-snmp-0.10.12-6.el8_6.2.s390x.rpm

x86_64:  
pcs-0.10.12-6.el8_6.2.x86_64.rpm  
pcs-snmp-0.10.12-6.el8_6.2.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage (v. 8):

Source:  
pcs-0.10.12-6.el8_6.2.src.rpm

ppc64le:  
pcs-0.10.12-6.el8_6.2.ppc64le.rpm  
pcs-snmp-0.10.12-6.el8_6.2.ppc64le.rpm

s390x:  
pcs-0.10.12-6.el8_6.2.s390x.rpm  
pcs-snmp-0.10.12-6.el8_6.2.s390x.rpm

x86_64:  
pcs-0.10.12-6.el8_6.2.x86_64.rpm  
pcs-snmp-0.10.12-6.el8_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2735  
https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id!16837

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYxDdRdzjgjWX9erEAQh7WRAAnt3Q7zKoGIONdc4Pz+fjTU/zhQY/fX94  
ke+qx1jlaSE3yLYsPKBlvabwr4MFlD/EOmanz+KkfE9aCDBUGvKv8QA42RQXMpCa  
Iv7GHDI4pRc1t1MBPkxO4CvHWr5c9mA9DJE8tYHMrKlhh4JzfhNXPV6zsMlCb2/s  
JgCPia9pUoGfRgeyzQDyjvdvksXeTJf8Qj96rytCAtgj2WGEJubqHpcX7s3WNDFD  
LMUKM1b9YnoXxEd0ochmpnrjHmotZb07kSCqlS+HEY/7q0/eJZagZ7oHj8iO6Mz7  
UXe16yLESC2UsM7PdC4Xi6FPGARBnGmLrSkoNrhQ4yav8qlgBHUQHmOYOgUwH9WB  
OBCMoJg1m0x3TXPGAV4tfRp5BiVgSjfEWBgOaQgFTo7E2o2TQjG+plCSb1oNQixP  
BXV3tMFWWBIYtzxN83hPnZvox6uHXZOvRzWwekbYmEwvCnERKRlhvL0T9QCb5qu3  
yqZo4QVyy08Rya7qrCrgm92AJjhAxy1Bk0EQD/s6u6i7samM+Vj2kDir1SMrifiW  
c82+fNnDzMb2sJ4TRWp9Xza+laJOK/paJQ3rpTxVtpJRwNWUafpXBawpx/Q4UAtS  
mGOMyUBgRj66SLYKCxDxVNIj5wj4s4v3vLQPPuqjGd2uLlWjq/EynADRsO4TY5Bx  
07UXTJVBJ3A=CRof  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6314-01

Red Hat Security Advisory 2022-6312-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a privilege escalation vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pcs security update  
Advisory ID:       RHSA-2022:6312-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6312  
Issue date:        2022-09-01  
CVE Names:         CVE-2022-2735  
====================================================================  
1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Resilient Storage EUS (v.8.4) - ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the  
Pacemaker and Corosync utilities.

Security Fix(es):

* pcs: obtaining an authentication token for hacluster user could lead to  
privilege escalation (CVE-2022-2735)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2116815 - CVE-2022-2735 pcs: obtaining an authentication token for hacluster user could lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux High Availability EUS (v.8.4):

Source:  
pcs-0.10.8-1.el8_4.2.src.rpm

aarch64:  
pcs-0.10.8-1.el8_4.2.aarch64.rpm  
pcs-snmp-0.10.8-1.el8_4.2.aarch64.rpm

ppc64le:  
pcs-0.10.8-1.el8_4.2.ppc64le.rpm  
pcs-snmp-0.10.8-1.el8_4.2.ppc64le.rpm

s390x:  
pcs-0.10.8-1.el8_4.2.s390x.rpm  
pcs-snmp-0.10.8-1.el8_4.2.s390x.rpm

x86_64:  
pcs-0.10.8-1.el8_4.2.x86_64.rpm  
pcs-snmp-0.10.8-1.el8_4.2.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage EUS (v.8.4):

Source:  
pcs-0.10.8-1.el8_4.2.src.rpm

ppc64le:  
pcs-0.10.8-1.el8_4.2.ppc64le.rpm  
pcs-snmp-0.10.8-1.el8_4.2.ppc64le.rpm

s390x:  
pcs-0.10.8-1.el8_4.2.s390x.rpm  
pcs-snmp-0.10.8-1.el8_4.2.s390x.rpm

x86_64:  
pcs-0.10.8-1.el8_4.2.x86_64.rpm  
pcs-snmp-0.10.8-1.el8_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2735  
https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id!16836

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYxDdT9zjgjWX9erEAQh7ShAAla4hzjBXI+Ba9Y0IIr/1QLR9/2LVV/dv  
bLPDnfzxcNivBlEKwifFvrti0mT+Br9bv6UV9aFa8IowlUUwP71grZm/Rx/hO1kH  
a7RFxGCJZ+LqDVr9jDpiGe9yOu1cb6b+hMhpzKwvO/KsAfxu70o9MjXdds0CV0qH  
inRChminbpkVEf8GIZOUDuQcq5IEd3Zo/JzD7wjgf3CHe1iC2f98t0WbCEjSmERG  
1wh2W5ht05cW7iZPj4Oo8SOj4RRSVqUhoWhapZG9HO+E9QGCIeX39sMz8ICRCosi  
fKNor4OEMCpt52u6UlJg+1a3fQNXIVoUav6dZNEKOLx/bRr0kZMpyOSHC+pqLiuY  
rcosCtUvUhBbsKgIu7iE3GWDfCbToJoBBXlD7e+8wzvTXEAE/wjI0RprBE4ceabZ  
OniXom8txVgUwEqWvyf+UwagcEfYv2Nip8blAJPzEHQ8O3zO9CxuvsblPKJD4IYa  
V9D4cxw8+RXdAGOW+d0FNDuf0dJo86weF+iCn4TteIU4boq5iQ9321Lc6b8bBSz9  
8adhTzhtyQeCDrHqqnSQndnNDG0jAYBlXECKCo01IlGHy2s1SlXflDZoGNKjmv8v  
qY1VN00xR+T3iASGH6ksp4oXAqfZRh7KvEDE3Zmsu1Bq+2LImKSHNOCXzhPa/4FT  
5/AkhU6ibu4=OieI  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux