Red Hat Security Advisory 2023-4152-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: bind security update  
Advisory ID:       RHSA-2023:4152-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4152  
Issue date:        2023-07-18  
CVE Names:         CVE-2023-2828   
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain  
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver  
library (routines for applications to use when interfacing with DNS); and  
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: named's configured cache size limit can be significantly exceeded  
(CVE-2023-2828)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2216227 - CVE-2023-2828 bind: named's configured cache size limit can be significantly exceeded

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
bind-9.11.4-26.P2.el7_9.14.src.rpm

noarch:  
bind-license-9.11.4-26.P2.el7_9.14.noarch.rpm

x86_64:  
bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-export-libs-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-export-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-libs-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-libs-lite-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-libs-lite-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
bind-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-export-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-export-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-lite-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-lite-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-sdb-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-sdb-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
bind-9.11.4-26.P2.el7_9.14.src.rpm

noarch:  
bind-license-9.11.4-26.P2.el7_9.14.noarch.rpm

x86_64:  
bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-export-libs-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-export-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-libs-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-libs-lite-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-libs-lite-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
bind-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-export-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-export-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-lite-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-lite-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-sdb-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-sdb-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
bind-9.11.4-26.P2.el7_9.14.src.rpm

noarch:  
bind-license-9.11.4-26.P2.el7_9.14.noarch.rpm

ppc64:  
bind-9.11.4-26.P2.el7_9.14.ppc64.rpm  
bind-chroot-9.11.4-26.P2.el7_9.14.ppc64.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.ppc.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.ppc64.rpm  
bind-export-libs-9.11.4-26.P2.el7_9.14.ppc.rpm  
bind-export-libs-9.11.4-26.P2.el7_9.14.ppc64.rpm  
bind-libs-9.11.4-26.P2.el7_9.14.ppc.rpm  
bind-libs-9.11.4-26.P2.el7_9.14.ppc64.rpm  
bind-libs-lite-9.11.4-26.P2.el7_9.14.ppc.rpm  
bind-libs-lite-9.11.4-26.P2.el7_9.14.ppc64.rpm  
bind-pkcs11-9.11.4-26.P2.el7_9.14.ppc64.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.ppc.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.ppc64.rpm  
bind-pkcs11-utils-9.11.4-26.P2.el7_9.14.ppc64.rpm  
bind-utils-9.11.4-26.P2.el7_9.14.ppc64.rpm

ppc64le:  
bind-9.11.4-26.P2.el7_9.14.ppc64le.rpm  
bind-chroot-9.11.4-26.P2.el7_9.14.ppc64le.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.ppc64le.rpm  
bind-export-libs-9.11.4-26.P2.el7_9.14.ppc64le.rpm  
bind-libs-9.11.4-26.P2.el7_9.14.ppc64le.rpm  
bind-libs-lite-9.11.4-26.P2.el7_9.14.ppc64le.rpm  
bind-pkcs11-9.11.4-26.P2.el7_9.14.ppc64le.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.ppc64le.rpm  
bind-pkcs11-utils-9.11.4-26.P2.el7_9.14.ppc64le.rpm  
bind-utils-9.11.4-26.P2.el7_9.14.ppc64le.rpm

s390x:  
bind-9.11.4-26.P2.el7_9.14.s390x.rpm  
bind-chroot-9.11.4-26.P2.el7_9.14.s390x.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.s390.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.s390x.rpm  
bind-export-libs-9.11.4-26.P2.el7_9.14.s390.rpm  
bind-export-libs-9.11.4-26.P2.el7_9.14.s390x.rpm  
bind-libs-9.11.4-26.P2.el7_9.14.s390.rpm  
bind-libs-9.11.4-26.P2.el7_9.14.s390x.rpm  
bind-libs-lite-9.11.4-26.P2.el7_9.14.s390.rpm  
bind-libs-lite-9.11.4-26.P2.el7_9.14.s390x.rpm  
bind-pkcs11-9.11.4-26.P2.el7_9.14.s390x.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.s390.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.s390x.rpm  
bind-pkcs11-utils-9.11.4-26.P2.el7_9.14.s390x.rpm  
bind-utils-9.11.4-26.P2.el7_9.14.s390x.rpm

x86_64:  
bind-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-export-libs-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-export-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-libs-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-libs-lite-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-libs-lite-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
bind-debuginfo-9.11.4-26.P2.el7_9.14.ppc.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.ppc64.rpm  
bind-devel-9.11.4-26.P2.el7_9.14.ppc.rpm  
bind-devel-9.11.4-26.P2.el7_9.14.ppc64.rpm  
bind-export-devel-9.11.4-26.P2.el7_9.14.ppc.rpm  
bind-export-devel-9.11.4-26.P2.el7_9.14.ppc64.rpm  
bind-lite-devel-9.11.4-26.P2.el7_9.14.ppc.rpm  
bind-lite-devel-9.11.4-26.P2.el7_9.14.ppc64.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.ppc.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.ppc64.rpm  
bind-sdb-9.11.4-26.P2.el7_9.14.ppc64.rpm  
bind-sdb-chroot-9.11.4-26.P2.el7_9.14.ppc64.rpm

ppc64le:  
bind-debuginfo-9.11.4-26.P2.el7_9.14.ppc64le.rpm  
bind-devel-9.11.4-26.P2.el7_9.14.ppc64le.rpm  
bind-export-devel-9.11.4-26.P2.el7_9.14.ppc64le.rpm  
bind-lite-devel-9.11.4-26.P2.el7_9.14.ppc64le.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.ppc64le.rpm  
bind-sdb-9.11.4-26.P2.el7_9.14.ppc64le.rpm  
bind-sdb-chroot-9.11.4-26.P2.el7_9.14.ppc64le.rpm

s390x:  
bind-debuginfo-9.11.4-26.P2.el7_9.14.s390.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.s390x.rpm  
bind-devel-9.11.4-26.P2.el7_9.14.s390.rpm  
bind-devel-9.11.4-26.P2.el7_9.14.s390x.rpm  
bind-export-devel-9.11.4-26.P2.el7_9.14.s390.rpm  
bind-export-devel-9.11.4-26.P2.el7_9.14.s390x.rpm  
bind-lite-devel-9.11.4-26.P2.el7_9.14.s390.rpm  
bind-lite-devel-9.11.4-26.P2.el7_9.14.s390x.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.s390.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.s390x.rpm  
bind-sdb-9.11.4-26.P2.el7_9.14.s390x.rpm  
bind-sdb-chroot-9.11.4-26.P2.el7_9.14.s390x.rpm

x86_64:  
bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-export-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-export-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-lite-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-lite-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-sdb-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-sdb-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
bind-9.11.4-26.P2.el7_9.14.src.rpm

noarch:  
bind-license-9.11.4-26.P2.el7_9.14.noarch.rpm

x86_64:  
bind-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-export-libs-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-export-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-libs-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-libs-lite-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-libs-lite-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-pkcs11-libs-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-utils-9.11.4-26.P2.el7_9.14.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
bind-debuginfo-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-debuginfo-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-export-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-export-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-lite-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-lite-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.i686.rpm  
bind-pkcs11-devel-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-sdb-9.11.4-26.P2.el7_9.14.x86_64.rpm  
bind-sdb-chroot-9.11.4-26.P2.el7_9.14.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2828  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwwAAoJENzjgjWX9erECFkP/jpr6CGwrkKLSxCbe0xj2xKM  
x4FbFmc0gvzGIBCbVez971Z6+sOqn5SoeLEpOFKGQAZcz3LeDdNRRTC9aahZ/M++  
ki5wzcyXrxaCQ00uwPIO60RiKs1XeS6TwGx+FKM29WH4NED1bfEJTm+7OofPoNzu  
wuVgoHK0qbnuSFNJqmijDnE2/55vLo1EAzLac/jE0Dk1CUwDFXk8gh69xxK/AMKk  
8i1bp2mpdLiDnfAcW/ZQbmfPfJ4zrCkVCbhfLIc+J2zEd7DGoNdnU5m8UDKa5ejF  
7FIRiHWMO5kFFkIdkDNEcykrihAUFLbapMl+GLtWAIIMc98LN3+DSssSjIcUVDxq  
pjIRK6+m1SW8oYLonAiuU/EkVuV17aOm+6SvWwmO7GRsDtpE6fOErBCwqgkxp5+6  
Clg37d5g0lGGjWWrxEdIc/+ynYzo/KEZv8H5XtemrOnn/r+fyqzbu8w73s1lvfrt  
fMi5mpWJABLv/Iv6l+7TJ77m9b3E9JJFG524+b/xuJDMazOHb3sQj7AHKwo2BNU/  
jvdXWYP0v3FcYayoGI7zS4nrmORKGZ0cdMi+sD00aOkS8o5Y4gLwxS8+XU6YmaEM  
arIrgSRp43QxkXWYkAfUWXkB6Ar9rXQg7ScEgXNHR0U4mzvG/QwXtMER2OnAp801  
X3CKula1WG3vwo9ldiQV  
=btLY  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4152-01

Red Hat Security Advisory 2023-4153-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

Red Hat Security Advisory 2023-4153-01

Red Hat Security Advisory 2023-4139-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: curl security update  
Advisory ID:       RHSA-2023:4139-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4139  
Issue date:        2023-07-18  
CVE Names:         CVE-2022-32221 CVE-2023-23916   
=====================================================================

1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The curl packages provide the libcurl library and the curl utility for  
downloading files from servers using various protocols, including HTTP,  
FTP, and LDAP.

Security Fix(es):

* curl: POST following PUT confusion (CVE-2022-32221)

* curl: HTTP multi-header compression denial of service (CVE-2023-23916)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2135411 - CVE-2022-32221 curl: POST following PUT confusion  
2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
curl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm  
curl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm  
libcurl-devel-7.76.1-14.el9_0.6.aarch64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm

ppc64le:  
curl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm  
curl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm  
libcurl-devel-7.76.1-14.el9_0.6.ppc64le.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm

s390x:  
curl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm  
curl-debugsource-7.76.1-14.el9_0.6.s390x.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm  
libcurl-devel-7.76.1-14.el9_0.6.s390x.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm

x86_64:  
curl-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
curl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm  
curl-debugsource-7.76.1-14.el9_0.6.i686.rpm  
curl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm  
libcurl-devel-7.76.1-14.el9_0.6.i686.rpm  
libcurl-devel-7.76.1-14.el9_0.6.x86_64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
curl-7.76.1-14.el9_0.6.src.rpm

aarch64:  
curl-7.76.1-14.el9_0.6.aarch64.rpm  
curl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm  
curl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm  
curl-minimal-7.76.1-14.el9_0.6.aarch64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm  
libcurl-7.76.1-14.el9_0.6.aarch64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm  
libcurl-minimal-7.76.1-14.el9_0.6.aarch64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm

ppc64le:  
curl-7.76.1-14.el9_0.6.ppc64le.rpm  
curl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm  
curl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm  
curl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm  
libcurl-7.76.1-14.el9_0.6.ppc64le.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm  
libcurl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm

s390x:  
curl-7.76.1-14.el9_0.6.s390x.rpm  
curl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm  
curl-debugsource-7.76.1-14.el9_0.6.s390x.rpm  
curl-minimal-7.76.1-14.el9_0.6.s390x.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm  
libcurl-7.76.1-14.el9_0.6.s390x.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm  
libcurl-minimal-7.76.1-14.el9_0.6.s390x.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm

x86_64:  
curl-7.76.1-14.el9_0.6.x86_64.rpm  
curl-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
curl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm  
curl-debugsource-7.76.1-14.el9_0.6.i686.rpm  
curl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm  
curl-minimal-7.76.1-14.el9_0.6.x86_64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm  
libcurl-7.76.1-14.el9_0.6.i686.rpm  
libcurl-7.76.1-14.el9_0.6.x86_64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm  
libcurl-minimal-7.76.1-14.el9_0.6.i686.rpm  
libcurl-minimal-7.76.1-14.el9_0.6.x86_64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32221  
https://access.redhat.com/security/cve/CVE-2023-23916  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwhAAoJENzjgjWX9erERi8P/2SDDRgrMlMpO4mXOQOHpnBc  
sDfOVF79svk3OP6kjP2zVTGOOVjsUneyROB9GWyuPPjXxJGVBPGibuAPWwD6ismM  
HSsoPAxZjFVJiaf8aoeJorDS/DNQbYV1pvUrhMqVNWgoobyMMFHrWMvniz+mBUve  
TquHFuWcu5/5a48KGtTa6fLZlnby5bII/saN1+gIadA57iTL+JNLf/6emT15LGab  
1JvQMg5qA5IiW2mzQFLdW/diUJSI9Kp1VZllAT6FenMlSVU/tZ5oaILvmRbnIBdC  
3UNZfrJHr8R3D/Go/7mtcxyA9w/kqY1JQS+hhepApZxxFa1x7sAWc7CjNE0NslqA  
QScUuV4lRiiXVCSERBYJ8r3Wd0yQ1yA8cKq48GDQLpBPMS62yeUANPGykBvB54MW  
DYj0EWmjwKTZQvnDrKczMA2g1HEIEoGsp84XgZu2xRX6V5uXKjFVTxJNVnPCOlt6  
67VZdr3D8LgE88+7ON7cEoumzk2i7mjZvO9KFioifb8vOll1zGNt0PhvSdNCj7A7  
eQKZRNiwM7Jq60uvX5Ej3CDR6ih+hvY0l/g5aQHhBwvI9OXAt3CotqivY8mZkPWo  
aZ97c6+XBqH4oVagM2ytYlV0CqWvlFOUROoTlM9uapBL9NYGG4/unbtMPQyX4y+B  
sCjCekvuX9Rj0R7DT/vf  
=PgSQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4139-01

Red Hat Security Advisory 2023-4151-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:4151-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4151  
Issue date:        2023-07-18  
CVE Names:         CVE-2022-3564   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: use-after-free caused by l2cap_reassemble_sdu() in  
net/bluetooth/l2cap_core.c (CVE-2022-3564)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* perf record -ag does not capture user space stack frames on s390x  
(BZ#2207745)

* RHEL7.9 - kernel: handle new reply code FILTERED_BY_HYPERVISOR  
(BZ#2212672)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
kernel-3.10.0-1160.95.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1160.95.1.el7.noarch.rpm  
kernel-doc-3.10.0-1160.95.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1160.95.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
kernel-3.10.0-1160.95.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1160.95.1.el7.noarch.rpm  
kernel-doc-3.10.0-1160.95.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1160.95.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
kernel-3.10.0-1160.95.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1160.95.1.el7.noarch.rpm  
kernel-doc-3.10.0-1160.95.1.el7.noarch.rpm

ppc64:  
bpftool-3.10.0-1160.95.1.el7.ppc64.rpm  
bpftool-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-bootwrapper-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debug-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debug-devel-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debuginfo-common-ppc64-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-devel-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-headers-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-tools-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-tools-libs-3.10.0-1160.95.1.el7.ppc64.rpm  
perf-3.10.0-1160.95.1.el7.ppc64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
python-perf-3.10.0-1160.95.1.el7.ppc64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm

ppc64le:  
bpftool-3.10.0-1160.95.1.el7.ppc64le.rpm  
bpftool-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-bootwrapper-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debug-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-devel-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-headers-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-tools-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-tools-libs-3.10.0-1160.95.1.el7.ppc64le.rpm  
perf-3.10.0-1160.95.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
python-perf-3.10.0-1160.95.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm

s390x:  
bpftool-3.10.0-1160.95.1.el7.s390x.rpm  
bpftool-debuginfo-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-debug-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-debug-devel-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-debuginfo-common-s390x-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-devel-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-headers-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-kdump-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-kdump-debuginfo-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-kdump-devel-3.10.0-1160.95.1.el7.s390x.rpm  
perf-3.10.0-1160.95.1.el7.s390x.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.s390x.rpm  
python-perf-3.10.0-1160.95.1.el7.s390x.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.s390x.rpm

x86_64:  
bpftool-3.10.0-1160.95.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
bpftool-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debuginfo-common-ppc64-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-tools-libs-devel-3.10.0-1160.95.1.el7.ppc64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm

ppc64le:  
bpftool-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debug-devel-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-tools-libs-devel-3.10.0-1160.95.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm

x86_64:  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
kernel-3.10.0-1160.95.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1160.95.1.el7.noarch.rpm  
kernel-doc-3.10.0-1160.95.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1160.95.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3564  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwSAAoJENzjgjWX9erEt6cP/1fkp69jI6fbByZXKQSjLw0f  
F+P+X+ZpO/+WFU2DSA8re83/9dRg0tJCHpQXSCnVqMdd+lvMqqXALldIn37rm03X  
O+x/InkmzJrnwhna5viIF/hHmj3q1n0P3zxqkv1A2sWXbD71HYQgTZUQ7AJ1xCQg  
J913u1Aq7CQv3DZgU30AhaYqFYubZCAIxOg093k1tE46IhaM8kaZ0+/YlzazBaeY  
o8yjkdl86qPxb+E+aEp01GfkWDVz2oKrjZzG5RH6pEnbbIcV4fg8xR14cVFAoMql  
7+Lwa+SMN/3x0S2yMQk5nXVoEm2m3m2OBHZjFj3GvYKJBrfrgbTb5cyferOImEqE  
mRNNxQpPeUQNQDlOAQp6uC0ODUcVoAWOT/CRqhP9zK2oU//yxv4l4/DkCJUQbQZh  
Y+PFt5SlFPdoFvy4dG4SfJoA8F9QfXJ7T3arjyrAikM0AS+tZ53wKTSTvvUbLWR7  
8yA/ICqMD7HMco9LB5CPEOyIyJTNe86EODzIQlzeCwi7h5uSSWfF/WNvXr/oruTR  
Nu6TqkO0NSw3SdkZlNjZR5FojxmGQ+FUff0Xd+jTEz4m6DgQMDIRXpxZ3eixBALl  
L26AUp/LirMgpitXCobe456SqbSDEXndP+rLE9DUbJ8PUrsDja0nnVQsePCYyFUe  
Kd+YqMTvBv9Q3TVer7fj  
=5yWc  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4151-01

Red Hat Security Advisory 2023-4150-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:4150-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4150  
Issue date:        2023-07-18  
CVE Names:         CVE-2022-3564   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free caused by l2cap_reassemble_sdu() in  
net/bluetooth/l2cap_core.c (CVE-2022-3564)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the latest RHEL7.9.z24 source tree (BZ#2212577)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:  
kernel-rt-3.10.0-1160.95.1.rt56.1241.el7.src.rpm

noarch:  
kernel-rt-doc-3.10.0-1160.95.1.rt56.1241.el7.noarch.rpm

x86_64:  
kernel-rt-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-devel-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-kvm-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-devel-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-kvm-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-kvm-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-devel-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-kvm-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 7):

Source:  
kernel-rt-3.10.0-1160.95.1.rt56.1241.el7.src.rpm

noarch:  
kernel-rt-doc-3.10.0-1160.95.1.rt56.1241.el7.noarch.rpm

x86_64:  
kernel-rt-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-devel-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-devel-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-devel-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3564  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwRAAoJENzjgjWX9erEsIYP/AzS2OWYZFXkbQAPbhrpQUWb  
JKXU9U3LH4uXtY8MXapXRSDKGvk+a0zoXHLf8QpAd6e1RF8b3uOulMYsVH0iNHnH  
MVCgjza8bF5X2zY/dNnYpcWHUkJDYDH8neP0tJQMvFjJCmregpHyv8P/nSPo49EV  
ikG5kyRl5gbXdWf9Wir4cGAVTARMS+Sy8UkuyHeWhIctYBwfILx6yrgqiRx7g05k  
usGkBFLTZw0U9BiPHG1NrjlunR/ais6IwQS7qdFJ68C24ygc2c6AFCQAwMrl/XH6  
IAy/60x4EZTU0PVEVqub9ovkZAfaUFGeNKnQCJ0m/iANLV36htpi24KMtA4iQnck  
qsOHMRwywgVhJw1NNUGg1oeVJRlbd+wcehoF2kG/LZG6ZafaLO9H1bwZdGggtg91  
pYjEFlnwwOcTZlejfdbKCNPqtY7lxumihV7Y9CZnsE3maL+7BKrx/EHQlyYR4jj3  
ePsxQzWeuElpaOK+IcYGkPiuMJrwFOSjje0ZK67phdncZzdmEk1/RFpArfqO/Or4  
Ai0fCHk5zLs5VQ9m7k+Qxyv166g+0Ro+BvsIiTyhwnaKplrRgr2xbNXJkQGg/JpL  
BvMYvAkeBWFdtX27jfBZyrJGUNCwHHUEhm/KLDTONpycP8q7vPblrE3O/AAxI1oU  
h2MBryWZxxVJP4348IBG  
=eYzn  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4150-01

Red Hat Security Advisory 2023-4126-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:4126-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4126  
Issue date:        2023-07-18  
CVE Names:         CVE-2023-0461 CVE-2023-1281 CVE-2023-1390   
                   CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2  
Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time TUS (v. 8.2) - x86_64  
Red Hat Enterprise Linux Real Time for NFV TUS (v. 8.2) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

* kernel: tcindex: use-after-free vulnerability in traffic control index  
filter allows privilege escalation (CVE-2023-1281)

* kernel: remote DoS in TIPC kernel module (CVE-2023-1390)

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.2.z27 source tree  
(BZ#2209127)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets  
2178212 - CVE-2023-1390 kernel: remote DoS in TIPC kernel module  
2181847 - CVE-2023-1281 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation  
2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux Real Time for NFV TUS (v. 8.2):

Source:  
kernel-rt-4.18.0-193.109.1.rt13.160.el8_2.src.rpm

x86_64:  
kernel-rt-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-core-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-core-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-devel-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-kvm-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-modules-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm

Red Hat Enterprise Linux Real Time TUS (v. 8.2):

Source:  
kernel-rt-4.18.0-193.109.1.rt13.160.el8_2.src.rpm

x86_64:  
kernel-rt-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-core-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-core-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-devel-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-modules-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/cve/CVE-2023-1281  
https://access.redhat.com/security/cve/CVE-2023-1390  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwOAAoJENzjgjWX9erE/bAP/13KpeTH0KZgRa34ZpWWaYij  
6p3R83Bz7WnamsjPzVV6PHS/EZ//KdZZvCoUwxHR5Vc8toKlg2BMwETpdWMVCtyj  
BZ28ZBc/rWjOrQLdnvuY+C5cIqqWB2zqQQKCQsXVd1xmsZR1WL2fFOLY/99YQrZu  
UyOvXPXvOrMFd2JNJVgfk0pjrntcO19Ql40gFQ3zT8LKfseWL4907MsIGfTgT4ou  
fi28Ckx/GUzPyvO6A0sr4EPfX93Ckyj8e3kX5UxC+70+jV91L4d0rGhkgPgiB9Xp  
iIu8/NqMK39ywywFL/RJpruWEdUkpKi6ahVGOeLW4Ph5PsgGTRsyPYfv3kN0Ddlh  
SWq1lT0KcHOo94fcfE9DD/jX8X8VIKJSMAFxjhhRlIuIQskDqAEMfVW+9PFAdMsX  
lEPtny2OHm7XLuo1Zei2XWJfS4/CR3Pdvsxbni3dNYu+VQhX5Ot0ZMtTxdflP3TF  
Ouc15lQxRdGZ+14x+2ZbqWTLqd3nzE0baU41X7gPv1wMWmjbkhgXQtxLLqsM2hyF  
O4z0kKsy9ePGxxiGMv0Lt63BKO3/y5NiVrCYpGApC/U88cT+qy2vBS9YVm5rZAc+  
0t3uyOiHFRITDGCP0+Ppjx33YAbX7e3A0k5DkkAkXfJCHJa1pDddRwdo4p5IlIh9  
lBmGBMSGy7/PZfhv++Aa  
=PBqO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4126-01

Red Hat Security Advisory 2023-4130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:4130-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4130  
Issue date:        2023-07-18  
CVE Names:         CVE-2023-1281 CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: tcindex: use-after-free vulnerability in traffic control index  
filter allows privilege escalation (CVE-2023-1281)

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* RHEL8.4 - s390/smp,vdso: fix ASCE handling (BZ#2176464)

* After powerstore LUNs are mapped,  OS crashed and host reboot.  
(BZ#2179068)

* qla2xxx NVMe-FC:  WARNING: CPU: 0 PID: 124072 at  
drivers/scsi/qla2xxx/qla_init.c:70 qla2xxx_rel_done_warning+0x25/0x30  
[qla2xxx] (BZ#2181529)

* iscsi target deadlocks when the same host acts as an initiator to itself  
(i.e. connects via 127.0.0.1) (BZ#2182095)

* Dying percpu kworkers cause issues on isolated CPUs [rhel-8] (BZ#2189597)

* Azure RHEL8: Live resize of disk does not trigger a rescan of the device  
capacity (BZ#2192345)

* RHEL8.4 - kernel: fix __clear_user() inline assembly constraints  
(BZ#2192604)

* RHEL8.6, lockd : oops on nlmsvc_mark_host (BZ#2196386)

* xfs: deadlock in xfs_btree_split_worker (BZ#2196392)

* Intel E810 card unable to create a MACVLAN on interface already  
configured as SRIOV (BZ#2203217)

* ice: ptp4l cpu usage spikes (BZ#2203287)

* Kernel - Significant performance drop for getrandom system call when FIPS  
is enabled (compared to RHEL 8.x for all x < 6.z) (BZ#2208130)

* Azure RHEL8: CVM patch list requirement-storvsc patch (BZ#2208601)

* BUG_ON "kernel BUG at mm/rmap.c:1041!" in __page_set_anon_rmap() when  
vma->anon_vma==NULL (BZ#2211661)

* RHEL 8.6 opening console with mkvterm on novalink terminal fails due to  
drmgr reporting failure (L3:) (BZ#2212374)

* ESXi RHEL8: Haswell generation CPU are impacted with performance due to  
IBRS (BZ#2213367)

* Hyper-V RHEL-8: Fix VM crash/hang Issues due to fast VF add/remove events  
(BZ#2216544)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2181847 - CVE-2023-1281 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation  
2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
kernel-4.18.0-372.64.1.el8_6.src.rpm

aarch64:  
bpftool-4.18.0-372.64.1.el8_6.aarch64.rpm  
bpftool-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-core-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-cross-headers-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debug-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debug-core-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debug-devel-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debug-modules-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-devel-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-headers-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-modules-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-modules-extra-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-tools-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-tools-libs-4.18.0-372.64.1.el8_6.aarch64.rpm  
perf-4.18.0-372.64.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
python3-perf-4.18.0-372.64.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-372.64.1.el8_6.noarch.rpm  
kernel-doc-4.18.0-372.64.1.el8_6.noarch.rpm

ppc64le:  
bpftool-4.18.0-372.64.1.el8_6.ppc64le.rpm  
bpftool-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-core-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-cross-headers-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debug-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debug-core-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debug-devel-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debug-modules-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-devel-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-headers-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-modules-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-modules-extra-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-tools-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-tools-libs-4.18.0-372.64.1.el8_6.ppc64le.rpm  
perf-4.18.0-372.64.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
python3-perf-4.18.0-372.64.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm

s390x:  
bpftool-4.18.0-372.64.1.el8_6.s390x.rpm  
bpftool-debuginfo-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-core-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-cross-headers-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debug-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debug-core-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debug-debuginfo-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debug-devel-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debug-modules-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debug-modules-extra-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debuginfo-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-devel-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-headers-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-modules-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-modules-extra-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-tools-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-tools-debuginfo-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-zfcpdump-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-zfcpdump-core-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-372.64.1.el8_6.s390x.rpm  
perf-4.18.0-372.64.1.el8_6.s390x.rpm  
perf-debuginfo-4.18.0-372.64.1.el8_6.s390x.rpm  
python3-perf-4.18.0-372.64.1.el8_6.s390x.rpm  
python3-perf-debuginfo-4.18.0-372.64.1.el8_6.s390x.rpm

x86_64:  
bpftool-4.18.0-372.64.1.el8_6.x86_64.rpm  
bpftool-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-core-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-cross-headers-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debug-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debug-core-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debug-devel-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debug-modules-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-devel-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-headers-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-modules-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-modules-extra-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-tools-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-tools-libs-4.18.0-372.64.1.el8_6.x86_64.rpm  
perf-4.18.0-372.64.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
python3-perf-4.18.0-372.64.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
bpftool-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-372.64.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-372.64.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-372.64.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1281  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIbBAEBCAAGBQJktmwHAAoJENzjgjWX9erER6oP9jnSN4MJeD96PCOQdmWUgdD7  
oiIComGT0rXk+KnSo/LkE147Qc6peJk2UMLKBXwLb0i36b7vXNzP4KldjoOA+JAp  
VIKHuCyUp50Ixh5CHgHU8iITRUKimyps+hGwmWYvRKE8XlEJ0r2Z3fcIRVopc/Zv  
xpqOx/EoPAwVOzLPH2A59uWT9YGuu3OFvxewF9bZTtT73E275vk7IUgBnZm4hr+N  
lAkk3Gs6BQ/6RFF8liY358NTjOPs80dmQWqHvl0cdrItqmGGtqwvAIzlQazOXn5L  
5iinMRAzwIQ0zG4tA+FyoVBL1pJlMZ6pTYNxBw0xCEx1BpfqGASp+aWvUHIS1POz  
lVJdggTb9IRWPrZQkYO2JooApTlciOdAtEg2cc6fvJtpGR5oMRfOMbIRC36F42kV  
XlbI9d1HyoxXsFvVEHCIaccAotmXPD6Wpn4FD9cxsGKRaRxUbtn+2KdDUZ+cIae0  
CXGb/JUnA7carkHzmtoXLqBxwXyFteZggP5QOHp20lmOP3MWwYe1JofqPkCQYAHa  
V0I+PExZcUgcyjgljJcAbZm+x3LUfjuWIS4Ipo8ofi2vSu4xtkh49pthuM4/WJAt  
gi++OcC3Enrsw0REq4AJMqn/nbCdsareo4p2G4U7SKmQIKdNXCGZs9n8omkKNazt  
CkLVI7SM7bFFIVZqN8k=  
=c4ba  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4130-01

Red Hat Security Advisory 2023-4138-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:4138-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4138  
Issue date:        2023-07-18  
CVE Names:         CVE-2022-1016 CVE-2022-42703 CVE-2022-42896   
                   CVE-2023-2002 CVE-2023-2124 CVE-2023-2235   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time EUS (v.9.0) - x86_64  
Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in  
net/bluetooth/l2cap_core.c (CVE-2022-42896)

* kernel: use-after-free vulnerability in the perf_group_detach function of  
the Linux Kernel Performance Events (CVE-2023-2235)

* kernel: uninitialized registers on stack in nft_do_chain can cause kernel  
pointer leakage to UM (CVE-2022-1016)

* kernel: use-after-free related to leaf anon_vma double reuse  
(CVE-2022-42703)

* Kernel: bluetooth: Unauthorized management command execution  
(CVE-2023-2002)

* kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-9.0.z10 Batch  
(BZ#2209984)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2066614 - CVE-2022-1016 kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM  
2133483 - CVE-2022-42703 kernel: use-after-free related to leaf anon_vma double reuse  
2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c  
2187308 - CVE-2023-2002 Kernel: bluetooth: Unauthorized management command execution  
2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem  
2192589 - CVE-2023-2235 kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events

6. Package List:

Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-kvm-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-kvm-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm

Red Hat Enterprise Linux Real Time EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1016  
https://access.redhat.com/security/cve/CVE-2022-42703  
https://access.redhat.com/security/cve/CVE-2022-42896  
https://access.redhat.com/security/cve/CVE-2023-2002  
https://access.redhat.com/security/cve/CVE-2023-2124  
https://access.redhat.com/security/cve/CVE-2023-2235  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwGAAoJENzjgjWX9erEkE0P/jfzPJ5Ii7eIYAmKXZQdTSEP  
FpJp7cvUx+L4/B6h9WaPXz/qJGbBnLpqGcXn2RgzWkyJXCwVbM/MQat32cCBoyLZ  
pz4h3kUonDj3QVS43ytHwg7RNT1TTvu6FYoBNtzTIRHTEIfn3jUuh980liO0O/cf  
4jeNydlGB34mPtNaVgSRWFsPxvXjYJQORXS/0IQ2BZ9i1N6X7ifvOHLGTd8EbkBQ  
XMVLh67LDXf5RiPnMxYYNkzbzzGZkyTwjW+oNA45jJL2DxpE4au43VPQA+aelOpl  
TwWCxlMoGbOHy5ZTd6fSKmDU21kdXZEPg7gGv1IT8mhYMf5G6LAQ4+ZUjJFfGbSF  
hTsu6HY6rthOiZ/VS+PNeC6J3k+5sepaSMiy2Z6ZuJVzMYH0EJ8jKJBKi/xTOk29  
Q72doQDUnOnczQKpSAfU7vC9F6De3sDFXOzCcGuy/1QWV7a2xTp1EKPy63LT9uLy  
bY2ZnOxGRSomao8YyVlMY/JxA3PyTE6/RP+XSAT7PmfqwkxPO77FmOmNQ1mkSLLw  
w3UNIBS1kAz9096b8TKedxFif1ZWjNQI53/zTlAPnlF7pZuixb3Gv8Gieu1XQPz3  
0+fm59WS03bq+9M3tRA0zOaWEkqNF16ZoyLqZVqTStcQ/tz87EVXll2x4iapCKTa  
IDz+8UxDBDA1hw50cBcY  
=k9cm  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4138-01

Red Hat Security Advisory 2023-4137-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:4137-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4137  
Issue date:        2023-07-18  
CVE Names:         CVE-2022-1016 CVE-2022-42703 CVE-2022-42896   
                   CVE-2023-2002 CVE-2023-2124 CVE-2023-2235   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in  
net/bluetooth/l2cap_core.c (CVE-2022-42896)

* kernel: use-after-free vulnerability in the perf_group_detach function of  
the Linux Kernel Performance Events (CVE-2023-2235)

* kernel: uninitialized registers on stack in nft_do_chain can cause kernel  
pointer leakage to UM (CVE-2022-1016)

* kernel: use-after-free related to leaf anon_vma double reuse  
(CVE-2022-42703)

* Kernel: bluetooth: Unauthorized management command execution  
(CVE-2023-2002)

* kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Backport kernel audit enhancements and fixes from v5.13-rc1 to v5.16-rc6  
(BZ#2098210)

* INTEL 9.0 BUG VROC: RAID rebuild doesn't start after removing drive  
during FIO (BZ#2174890)

* HPEMC RHEL 9 BUG: acpi-cpufreq: Skip initializtion if a cpufreq driver  
exists (BZ#2186564)

* RHEL9.3: Update locking code to upstream 6.1 and further fixes  
(BZ#2187517)

* block layer: update with upstream v6.0 (BZ#2196175)

* rhel-9: Invalid character detected by rpminspect in  
Documentation/translations/zh_CN/process/magic-number.rst (BZ#2208244)

* Trouble getting callstacks when signal has interrupted clock_gettime  
(BZ#2210076)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2066614 - CVE-2022-1016 kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM  
2133483 - CVE-2022-42703 kernel: use-after-free related to leaf anon_vma double reuse  
2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c  
2187308 - CVE-2023-2002 Kernel: bluetooth: Unauthorized management command execution  
2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem  
2192589 - CVE-2023-2235 kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-devel-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-devel-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-devel-matched-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-headers-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
perf-5.14.0-70.64.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm

noarch:  
kernel-doc-5.14.0-70.64.1.el9_0.noarch.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-devel-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-devel-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-devel-matched-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-headers-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
perf-5.14.0-70.64.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-devel-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-devel-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-devel-matched-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-headers-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-matched-5.14.0-70.64.1.el9_0.s390x.rpm  
perf-5.14.0-70.64.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-devel-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-devel-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-devel-matched-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-headers-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
perf-5.14.0-70.64.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kernel-5.14.0-70.64.1.el9_0.src.rpm

aarch64:  
bpftool-5.14.0-70.64.1.el9_0.aarch64.rpm  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-core-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-core-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-modules-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-modules-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-modules-extra-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-libs-5.14.0-70.64.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
python3-perf-5.14.0-70.64.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm

noarch:  
kernel-abi-stablelists-5.14.0-70.64.1.el9_0.noarch.rpm

ppc64le:  
bpftool-5.14.0-70.64.1.el9_0.ppc64le.rpm  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-core-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-core-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-modules-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-modules-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-modules-extra-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-libs-5.14.0-70.64.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
python3-perf-5.14.0-70.64.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm

s390x:  
bpftool-5.14.0-70.64.1.el9_0.s390x.rpm  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-core-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-core-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-modules-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-modules-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-modules-extra-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-tools-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-core-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-extra-5.14.0-70.64.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
python3-perf-5.14.0-70.64.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm

x86_64:  
bpftool-5.14.0-70.64.1.el9_0.x86_64.rpm  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-core-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-core-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-modules-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-modules-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-modules-extra-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-libs-5.14.0-70.64.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
python3-perf-5.14.0-70.64.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-cross-headers-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-libs-devel-5.14.0-70.64.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-cross-headers-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-libs-devel-5.14.0-70.64.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-cross-headers-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-cross-headers-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-libs-devel-5.14.0-70.64.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1016  
https://access.redhat.com/security/cve/CVE-2022-42703  
https://access.redhat.com/security/cve/CVE-2022-42896  
https://access.redhat.com/security/cve/CVE-2023-2002  
https://access.redhat.com/security/cve/CVE-2023-2124  
https://access.redhat.com/security/cve/CVE-2023-2235  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwCAAoJENzjgjWX9erEhgIP/3YYLK2bjhLKWvvRbMdH9gRU  
mWFTBr3AeiKs9tMOpcqe5JbI2nwy6M41Qi8Mdz1D+5MC+4Yx+NTLFLmYKbwdY665  
aO6IdgBXvkrEpVm3a4fjt4lFFa/66VsvzphmyduXKLGcMzHGShjGQpJZEHZYdpbN  
EiS7Z1rEGLExmxt9z5vLbhzSmfPTH9bMKx6JL6EBWyimA/OYk1uysfAjVBMe1q6X  
OS5VYobqY2HKj9+TT/cHe0rFZTK7q+9Gw3W3ndQ958p9yux3FrLgFF0oLdLiKwzH  
IZC/cR+ivRnzpxUZD3YDc5Vag3faQ2VmIdBLMEMY6oXwHBYZyKEsCA7oZ1Eh0uCJ  
nWYA7h7J0+CQiBSlo2DAv/pmsalLrOF4OJZ7kOVcXIS93EFjhZfr9zN+ap0A5y6a  
UPEpGGLa19PPYy3g17y27JvtsCoErDcYVc/3w7yS+NE/cvrigyBxNl8BZZyWcPVT  
ONN8rsrIQMA2LHgPygklxc/SHHRIgLEFJdKyuIc2Qc/wYS+XorsVfTmDi1WT29+H  
4k0c0syaR5+XHbfwTylaVXAmTO8+pI0zN9bePZkv2josDzhgwQMO9uPFlPpKZnq6  
rIrD2HZQH67vNdaM4i0RgZAJFiBrVsz73LlkEX5WYZ/UDsOdB62VLfqunuQuKmjG  
AXwX8eBFthNYpnnQVPSa  
=mkOj  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4137-01

Red Hat Security Advisory 2023-4125-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.

Tag

#red_hat