An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

**Red Hat Product Security Center**

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

CVE-2023-38253: cve-details

Red Hat Security Advisory 2023-4071-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.13.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:4071-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4071  
Issue date:        2023-07-13  
CVE Names:         CVE-2023-37201 CVE-2023-37202 CVE-2023-37207   
                   CVE-2023-37208 CVE-2023-37211   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.13.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-37202)

* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and  
Thunderbird 102.13 (CVE-2023-37211)

* Mozilla: Fullscreen notification obscured (CVE-2023-37207)

* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation  
2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured  
2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files  
2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
firefox-102.13.0-2.el9_2.src.rpm

aarch64:  
firefox-102.13.0-2.el9_2.aarch64.rpm  
firefox-debuginfo-102.13.0-2.el9_2.aarch64.rpm  
firefox-debugsource-102.13.0-2.el9_2.aarch64.rpm  
firefox-x11-102.13.0-2.el9_2.aarch64.rpm

ppc64le:  
firefox-102.13.0-2.el9_2.ppc64le.rpm  
firefox-debuginfo-102.13.0-2.el9_2.ppc64le.rpm  
firefox-debugsource-102.13.0-2.el9_2.ppc64le.rpm  
firefox-x11-102.13.0-2.el9_2.ppc64le.rpm

s390x:  
firefox-102.13.0-2.el9_2.s390x.rpm  
firefox-debuginfo-102.13.0-2.el9_2.s390x.rpm  
firefox-debugsource-102.13.0-2.el9_2.s390x.rpm  
firefox-x11-102.13.0-2.el9_2.s390x.rpm

x86_64:  
firefox-102.13.0-2.el9_2.x86_64.rpm  
firefox-debuginfo-102.13.0-2.el9_2.x86_64.rpm  
firefox-debugsource-102.13.0-2.el9_2.x86_64.rpm  
firefox-x11-102.13.0-2.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37201  
https://access.redhat.com/security/cve/CVE-2023-37202  
https://access.redhat.com/security/cve/CVE-2023-37207  
https://access.redhat.com/security/cve/CVE-2023-37208  
https://access.redhat.com/security/cve/CVE-2023-37211  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkr/68AAoJENzjgjWX9erEVk0P/1NlxnG08loer9hNA9xaD3Cm  
tDuL5Y+7yihRbB+1FtUiGds2P4Fb41pZ4ywl94ppfTtChDJR46D4abB83df1RQor  
aaAEOokt57JcspcAvSdSgstVD3UBeGovWDsu4Fmb9kJ+sC7b94CR/bgVksTVPFtf  
lC+50PkZF80PSNfmlnfDAGQ1iE1Oy57uOmxb2Fq4uwmCv7vqNF+4U03d4Y70KRn9  
flF0SeoRNLUgvnf/l5xksvupy28cWkVO24ALopMYL0HYx57XS/tTlnYFn3EVQW3y  
TVuhpemtzS8cGjxL9R8rEv3zY616kl8SisoSk9dJmsU3DnZXw8oxj8SZNgXSrBE7  
D+3yssivhkfbyz29lYBGOZ2JW1Ng2k+0vxhLaNI0M9DSSgt+XLxNqB7VuZ7YlDTi  
v82NCaEiMuRjtc93NJrOhCKutA48EOI27/tHHkKwM7PdX7nTM4s5O5cMEaHIBEsY  
C/8XVOsLOV4q0YpuuV4dTrmbmwMZBdUNieJpo+0udtECmFytfOz6Xv4uNOXfR8Bk  
KEA50jtqxJQltBmhxd6xD2gGxGO6H+Vp8waCez2XXVexyHO58ryM3xqIc9R0D4ET  
3EFchhNaRf7ZoxAirHxOWYvohQ/fFXdMb9RVaJrl8+57u72+IdwX1uk8uGWlMt9q  
eVdO/YfLVI5SpRlM4VQO  
=4tW+  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4071-01

Red Hat Security Advisory 2023-4066-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4066-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4066  
Issue date:        2023-07-13  
CVE Names:         CVE-2023-37201 CVE-2023-37202 CVE-2023-37207   
                   CVE-2023-37208 CVE-2023-37211   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.13.0.

Security Fix(es):

* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-37202)

* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and  
Thunderbird 102.13 (CVE-2023-37211)

* Mozilla: Fullscreen notification obscured (CVE-2023-37207)

* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation  
2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured  
2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files  
2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
thunderbird-102.13.0-2.el9_0.src.rpm

aarch64:  
thunderbird-102.13.0-2.el9_0.aarch64.rpm  
thunderbird-debuginfo-102.13.0-2.el9_0.aarch64.rpm  
thunderbird-debugsource-102.13.0-2.el9_0.aarch64.rpm

ppc64le:  
thunderbird-102.13.0-2.el9_0.ppc64le.rpm  
thunderbird-debuginfo-102.13.0-2.el9_0.ppc64le.rpm  
thunderbird-debugsource-102.13.0-2.el9_0.ppc64le.rpm

s390x:  
thunderbird-102.13.0-2.el9_0.s390x.rpm  
thunderbird-debuginfo-102.13.0-2.el9_0.s390x.rpm  
thunderbird-debugsource-102.13.0-2.el9_0.s390x.rpm

x86_64:  
thunderbird-102.13.0-2.el9_0.x86_64.rpm  
thunderbird-debuginfo-102.13.0-2.el9_0.x86_64.rpm  
thunderbird-debugsource-102.13.0-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37201  
https://access.redhat.com/security/cve/CVE-2023-37202  
https://access.redhat.com/security/cve/CVE-2023-37207  
https://access.redhat.com/security/cve/CVE-2023-37208  
https://access.redhat.com/security/cve/CVE-2023-37211  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkr/6yAAoJENzjgjWX9erEyb8QAJtQYsK0FkGTQ8ebQEgG1t09  
dcFuoQYceIly60LAJYSN7VRUs1bsvpYfhHfg5y2DnRxGDNTB9vGDKO+8SgkrTXhW  
zwR7FVel75ekcD1epP/RKlpIoV8R8Ldygg46zU2+QcpW86RPbsz/NcizWUFjnhmZ  
cefTCHVZnLm5DHlvo6ci3mWTOBgLxNaLtcxe21ptM1zvMmk+OcPFoEQzKl3hf1nW  
0J+5Z7z/YS3zrmYa6axtbgFefzRtBDfPZy+jdK3x7u77weIF8Jo4XU681hogODmD  
eXt1O3YI5VsTyrt2r2TlaF0dWENi5nPaqeA4TswLFTNLmkHPePMoMSuYr5ZPoITq  
dfa96hHmeR8KTx51l/nxdpIxK1gmq49KygBpe73omzLWEXIrBzZ9V78GzbI9Nvna  
PtwpPt8faP18XpYzhciC03vFfamZDInecqdo+bb3xwud5YO5Z/3FscLBN2B9fkU/  
CAjgjP9lmfNF8nBdTxTIh2VY1IjzTWtp+V9kdg37MZLlgsurd5b1DAAm2N2BoK7h  
Vt2bp4IRO548MRFoGtch9bBwZRcqYJoDqzH/zg1sOoqzLh4LD64Ad5PfvH+M9Wb/  
kxddXDk3+hiS116yzorH7Whpk4rV8iv2C25u8g9mPCwXgHbGT0U1JZcXiiP2seHA  
rT9J2X/9kjA4dy2P3+SI  
=lKM1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4066-01

Red Hat Security Advisory 2023-4062-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4062-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4062  
Issue date:        2023-07-13  
CVE Names:         CVE-2023-37201 CVE-2023-37202 CVE-2023-37207   
                   CVE-2023-37208 CVE-2023-37211   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.13.0.

Security Fix(es):

* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-37202)

* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and  
Thunderbird 102.13 (CVE-2023-37211)

* Mozilla: Fullscreen notification obscured (CVE-2023-37207)

* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation  
2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured  
2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files  
2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
thunderbird-102.13.0-2.el7_9.src.rpm

x86_64:  
thunderbird-102.13.0-2.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.13.0-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
thunderbird-102.13.0-2.el7_9.src.rpm

ppc64le:  
thunderbird-102.13.0-2.el7_9.ppc64le.rpm  
thunderbird-debuginfo-102.13.0-2.el7_9.ppc64le.rpm

x86_64:  
thunderbird-102.13.0-2.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.13.0-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
thunderbird-102.13.0-2.el7_9.src.rpm

x86_64:  
thunderbird-102.13.0-2.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.13.0-2.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37201  
https://access.redhat.com/security/cve/CVE-2023-37202  
https://access.redhat.com/security/cve/CVE-2023-37207  
https://access.redhat.com/security/cve/CVE-2023-37208  
https://access.redhat.com/security/cve/CVE-2023-37211  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkr/6mAAoJENzjgjWX9erEhuoP/20EVMOx6edjLyXlxJ2nWCoZ  
OIZdOv5pCeZGx8C7cuznSUTerQRfvOtMLcrcQQ1QdqArbO1+ADpou7FgRGgGBHjH  
oeFOluQFl2UCmXgj3Llg2hwiVJbbIoIFPoGEUeoIVnB9m6iA20eXdiOPgZqRaPg8  
44vt/H++81ORygFHoVQfFWJhvz/COyyxOT2+zcdD9Q01G0EviH5l605FvH4mxayI  
hfbneE72RQMJS+lwu9TQ26zKe0hBOoXvAqF433XrLlGlv2NiWLyXvXy6mw2Btl6B  
aJxyaXRSMBx6EDEGaNe+Xv3W2JSfeSfD/zPpBsHevenZzIKFizJtwtvIuziAtN7V  
NSehQlSMUk3pIH6ZXOOj+5PTODBPTGdrirLtht0uWrEJFqhzz51sDHRKnkukNYeV  
TDHcgb7Qi3qHD1/Cw9AFJn8QPEn8PsPP2OW7h51sW196tro1q54DIHGlJc1JYeFL  
bRwpLoJ0lfdMtpW1jDNioaLUQymYuA7DNnS8w6LXnDk/xKzNZBCSGTooknRQ1yyk  
Ma1l43Ffo+/9g+/bPt4SdZ3+5qaMwV8n+bvktn6wzoNMV+/iptxFVAmkzHqj8O/n  
XDXsvDp7Bmk9wCtqFANITbb8++zQ4Sj9vHlIFwLYLgOjU4Km5O4zNt1I9rf8aPiZ  
m9wu6qojPPvyRiwgtlep  
=JbVs  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4062-01

Red Hat Security Advisory 2023-4070-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.13.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:4070-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4070  
Issue date:        2023-07-13  
CVE Names:         CVE-2023-37201 CVE-2023-37202 CVE-2023-37207   
                   CVE-2023-37208 CVE-2023-37211   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.13.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-37202)

* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and  
Thunderbird 102.13 (CVE-2023-37211)

* Mozilla: Fullscreen notification obscured (CVE-2023-37207)

* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation  
2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured  
2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files  
2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
firefox-102.13.0-2.el8_2.src.rpm

aarch64:  
firefox-102.13.0-2.el8_2.aarch64.rpm  
firefox-debuginfo-102.13.0-2.el8_2.aarch64.rpm  
firefox-debugsource-102.13.0-2.el8_2.aarch64.rpm

ppc64le:  
firefox-102.13.0-2.el8_2.ppc64le.rpm  
firefox-debuginfo-102.13.0-2.el8_2.ppc64le.rpm  
firefox-debugsource-102.13.0-2.el8_2.ppc64le.rpm

s390x:  
firefox-102.13.0-2.el8_2.s390x.rpm  
firefox-debuginfo-102.13.0-2.el8_2.s390x.rpm  
firefox-debugsource-102.13.0-2.el8_2.s390x.rpm

x86_64:  
firefox-102.13.0-2.el8_2.x86_64.rpm  
firefox-debuginfo-102.13.0-2.el8_2.x86_64.rpm  
firefox-debugsource-102.13.0-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
firefox-102.13.0-2.el8_2.src.rpm

aarch64:  
firefox-102.13.0-2.el8_2.aarch64.rpm  
firefox-debuginfo-102.13.0-2.el8_2.aarch64.rpm  
firefox-debugsource-102.13.0-2.el8_2.aarch64.rpm

ppc64le:  
firefox-102.13.0-2.el8_2.ppc64le.rpm  
firefox-debuginfo-102.13.0-2.el8_2.ppc64le.rpm  
firefox-debugsource-102.13.0-2.el8_2.ppc64le.rpm

s390x:  
firefox-102.13.0-2.el8_2.s390x.rpm  
firefox-debuginfo-102.13.0-2.el8_2.s390x.rpm  
firefox-debugsource-102.13.0-2.el8_2.s390x.rpm

x86_64:  
firefox-102.13.0-2.el8_2.x86_64.rpm  
firefox-debuginfo-102.13.0-2.el8_2.x86_64.rpm  
firefox-debugsource-102.13.0-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
firefox-102.13.0-2.el8_2.src.rpm

aarch64:  
firefox-102.13.0-2.el8_2.aarch64.rpm  
firefox-debuginfo-102.13.0-2.el8_2.aarch64.rpm  
firefox-debugsource-102.13.0-2.el8_2.aarch64.rpm

ppc64le:  
firefox-102.13.0-2.el8_2.ppc64le.rpm  
firefox-debuginfo-102.13.0-2.el8_2.ppc64le.rpm  
firefox-debugsource-102.13.0-2.el8_2.ppc64le.rpm

s390x:  
firefox-102.13.0-2.el8_2.s390x.rpm  
firefox-debuginfo-102.13.0-2.el8_2.s390x.rpm  
firefox-debugsource-102.13.0-2.el8_2.s390x.rpm

x86_64:  
firefox-102.13.0-2.el8_2.x86_64.rpm  
firefox-debuginfo-102.13.0-2.el8_2.x86_64.rpm  
firefox-debugsource-102.13.0-2.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37201  
https://access.redhat.com/security/cve/CVE-2023-37202  
https://access.redhat.com/security/cve/CVE-2023-37207  
https://access.redhat.com/security/cve/CVE-2023-37208  
https://access.redhat.com/security/cve/CVE-2023-37211  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkr/6lAAoJENzjgjWX9erEV1MP/ipOMglJO752WnvtwEYdnYXI  
yh0DY3e+PI89XT7BB1r/YVDWrHM3tjkRu1hyjSaunqskhgqpuiv3AzcyHCpAA0Fr  
os4c9LO8O/t7PBlgpZylKfI7yWL+yv4FlOTF6zcuMfDupafeE1cPfvfmWhWbh1cL  
6btMBvsydqF6y2FH/qV3gnKL+qoYZq5lZZ2lFj3RbqOSUnZbGZXBXvTdZbhFh79p  
Q9kKAYlyzww+uSBjNBQPVVky86pQNhbJLQH58fXVwMyPGe1aSsD5Jcvm3Fzf3bTz  
2o+6I+QBRtBvnP6STQj2isG//sIRHaXawdxANWJSun1Pjq0W8X2H9hUPAI6H87uu  
GsWtLKZ+fR2JgY1e38An/696fplH4xCglbERBAw3y9HvTumvn+HawcFl28+EIM/7  
Ykp6OCM/nXspc3b23DXwQxrPrtEfdsmjGnoWa7tNvin882aTTZh8t26X4ZQC8Hyx  
bmFtZlvSu/y2crZV4SaYFSfMMpl/K4iqzLLTptPjb0uovMS5mAfYahgHw8dtylhN  
hLSJkhK/JRctak8sONKflGXQ7SPHRhwPJ9itV4giP55ybFR0JaykInVdSCC4iJAG  
EyoXndkwY5Ys02jzhCj1lkl8Pv7swX93FLVV37n1eCdoFPJ55cBfaIAUo4n42+IF  
+Dle6KK6Ioydn7CNjZ8n  
=kL6R  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4070-01

Red Hat Security Advisory 2023-4064-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4064-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4064  
Issue date:        2023-07-13  
CVE Names:         CVE-2023-37201 CVE-2023-37202 CVE-2023-37207   
                   CVE-2023-37208 CVE-2023-37211   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.13.0.

Security Fix(es):

* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-37202)

* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and  
Thunderbird 102.13 (CVE-2023-37211)

* Mozilla: Fullscreen notification obscured (CVE-2023-37207)

* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation  
2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured  
2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files  
2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
thunderbird-102.13.0-2.el9_2.src.rpm

aarch64:  
thunderbird-102.13.0-2.el9_2.aarch64.rpm  
thunderbird-debuginfo-102.13.0-2.el9_2.aarch64.rpm  
thunderbird-debugsource-102.13.0-2.el9_2.aarch64.rpm

ppc64le:  
thunderbird-102.13.0-2.el9_2.ppc64le.rpm  
thunderbird-debuginfo-102.13.0-2.el9_2.ppc64le.rpm  
thunderbird-debugsource-102.13.0-2.el9_2.ppc64le.rpm

s390x:  
thunderbird-102.13.0-2.el9_2.s390x.rpm  
thunderbird-debuginfo-102.13.0-2.el9_2.s390x.rpm  
thunderbird-debugsource-102.13.0-2.el9_2.s390x.rpm

x86_64:  
thunderbird-102.13.0-2.el9_2.x86_64.rpm  
thunderbird-debuginfo-102.13.0-2.el9_2.x86_64.rpm  
thunderbird-debugsource-102.13.0-2.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37201  
https://access.redhat.com/security/cve/CVE-2023-37202  
https://access.redhat.com/security/cve/CVE-2023-37207  
https://access.redhat.com/security/cve/CVE-2023-37208  
https://access.redhat.com/security/cve/CVE-2023-37211  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkr/6kAAoJENzjgjWX9erEB64P/Ru8eBi3b+ZoXmh0eXWohQGT  
FjBodLnrxNMKcVgSUyzknVW3IPdyNaTvzrToIiyM9Y+seEaQ/MWRxkX29+xYl/wz  
infucPBrPyy8qepkNf3tLr23zZk3eTl9rUQXQWlTb8hNmr1chPEZPRxbnSEQhKie  
6chWGQMwvv6XSwVEok2Fj4h4EVDa6FcOvQoHl90+Al7bQWOEzZGK/+gSaD6tvQEn  
SRL2krCXr6kEMXdTOVTGoKmPFlnBys2KX7QHn6/MfF92bZFPxWPBiSI21QhagF8H  
cS2SuSSNMNeQKyRYmix+gc3DIQx7EP4zwSoBr4Zf5IZU78fCzgckTEKlxzg+EQ9v  
GjSjwu5CSIdWzgI64jG1vhaGYRbBStsSJtIIE6Oa8co8L8a5jspA94YGDFAfbY/G  
KG4ZGWszD8sv3X9jjSvbDuvvTaRyqgQDlKUba5Uad334/Ve5vmsqpAqk4pIPZ2VC  
cKz2z/HwrFcg3zR0/L8nYN6bhyZOm3nNqwEFcW2B9bxqNixqjn7+GHfzkXN5q+f2  
VBmfQTQux7jB0oRp8MlrnHiTeiAa3G5uJsytHI0l7obgstLdfzsbPEgnYWLs9vpM  
/xVN7wnmjCCz4PnlHUAWFbmGEsfxJU2yvaFULoPgo5Fn+XiAd8JVXU8w0YuRnvrL  
l+OvWgMJHHk04MxjZV1g  
=zAQY  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4064-01

Red Hat Security Advisory 2023-4058-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: .NET 7.0 security, bug fix, and enhancement update  
Advisory ID:       RHSA-2023:4058-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4058  
Issue date:        2023-07-13  
CVE Names:         CVE-2023-33170   
=====================================================================

1. Summary:

An update for .NET 7.0 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET  
framework APIs and several new APIs, and it includes a CLR implementation.

The following packages have been upgraded to a later upstream version:  
dotnet7.0 (SDK 7.0.109, Runtime 7.0.9). (BZ#2219633)

Security Fix(es):

* dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync  
method (CVE-2023-33170)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2221854 - CVE-2023-33170 dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
dotnet7.0-7.0.109-1.el8_8.src.rpm

aarch64:  
aspnetcore-runtime-7.0-7.0.9-1.el8_8.aarch64.rpm  
aspnetcore-targeting-pack-7.0-7.0.9-1.el8_8.aarch64.rpm  
dotnet-7.0.109-1.el8_8.aarch64.rpm  
dotnet-apphost-pack-7.0-7.0.9-1.el8_8.aarch64.rpm  
dotnet-apphost-pack-7.0-debuginfo-7.0.9-1.el8_8.aarch64.rpm  
dotnet-host-7.0.9-1.el8_8.aarch64.rpm  
dotnet-host-debuginfo-7.0.9-1.el8_8.aarch64.rpm  
dotnet-hostfxr-7.0-7.0.9-1.el8_8.aarch64.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.9-1.el8_8.aarch64.rpm  
dotnet-runtime-7.0-7.0.9-1.el8_8.aarch64.rpm  
dotnet-runtime-7.0-debuginfo-7.0.9-1.el8_8.aarch64.rpm  
dotnet-sdk-7.0-7.0.109-1.el8_8.aarch64.rpm  
dotnet-sdk-7.0-debuginfo-7.0.109-1.el8_8.aarch64.rpm  
dotnet-targeting-pack-7.0-7.0.9-1.el8_8.aarch64.rpm  
dotnet-templates-7.0-7.0.109-1.el8_8.aarch64.rpm  
dotnet7.0-debuginfo-7.0.109-1.el8_8.aarch64.rpm  
dotnet7.0-debugsource-7.0.109-1.el8_8.aarch64.rpm  
netstandard-targeting-pack-2.1-7.0.109-1.el8_8.aarch64.rpm

ppc64le:  
aspnetcore-runtime-7.0-7.0.9-1.el8_8.ppc64le.rpm  
aspnetcore-targeting-pack-7.0-7.0.9-1.el8_8.ppc64le.rpm  
dotnet-7.0.109-1.el8_8.ppc64le.rpm  
dotnet-apphost-pack-7.0-7.0.9-1.el8_8.ppc64le.rpm  
dotnet-apphost-pack-7.0-debuginfo-7.0.9-1.el8_8.ppc64le.rpm  
dotnet-host-7.0.9-1.el8_8.ppc64le.rpm  
dotnet-host-debuginfo-7.0.9-1.el8_8.ppc64le.rpm  
dotnet-hostfxr-7.0-7.0.9-1.el8_8.ppc64le.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.9-1.el8_8.ppc64le.rpm  
dotnet-runtime-7.0-7.0.9-1.el8_8.ppc64le.rpm  
dotnet-runtime-7.0-debuginfo-7.0.9-1.el8_8.ppc64le.rpm  
dotnet-sdk-7.0-7.0.109-1.el8_8.ppc64le.rpm  
dotnet-sdk-7.0-debuginfo-7.0.109-1.el8_8.ppc64le.rpm  
dotnet-targeting-pack-7.0-7.0.9-1.el8_8.ppc64le.rpm  
dotnet-templates-7.0-7.0.109-1.el8_8.ppc64le.rpm  
dotnet7.0-debuginfo-7.0.109-1.el8_8.ppc64le.rpm  
dotnet7.0-debugsource-7.0.109-1.el8_8.ppc64le.rpm  
netstandard-targeting-pack-2.1-7.0.109-1.el8_8.ppc64le.rpm

s390x:  
aspnetcore-runtime-7.0-7.0.9-1.el8_8.s390x.rpm  
aspnetcore-targeting-pack-7.0-7.0.9-1.el8_8.s390x.rpm  
dotnet-7.0.109-1.el8_8.s390x.rpm  
dotnet-apphost-pack-7.0-7.0.9-1.el8_8.s390x.rpm  
dotnet-apphost-pack-7.0-debuginfo-7.0.9-1.el8_8.s390x.rpm  
dotnet-host-7.0.9-1.el8_8.s390x.rpm  
dotnet-host-debuginfo-7.0.9-1.el8_8.s390x.rpm  
dotnet-hostfxr-7.0-7.0.9-1.el8_8.s390x.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.9-1.el8_8.s390x.rpm  
dotnet-runtime-7.0-7.0.9-1.el8_8.s390x.rpm  
dotnet-runtime-7.0-debuginfo-7.0.9-1.el8_8.s390x.rpm  
dotnet-sdk-7.0-7.0.109-1.el8_8.s390x.rpm  
dotnet-sdk-7.0-debuginfo-7.0.109-1.el8_8.s390x.rpm  
dotnet-targeting-pack-7.0-7.0.9-1.el8_8.s390x.rpm  
dotnet-templates-7.0-7.0.109-1.el8_8.s390x.rpm  
dotnet7.0-debuginfo-7.0.109-1.el8_8.s390x.rpm  
dotnet7.0-debugsource-7.0.109-1.el8_8.s390x.rpm  
netstandard-targeting-pack-2.1-7.0.109-1.el8_8.s390x.rpm

x86_64:  
aspnetcore-runtime-7.0-7.0.9-1.el8_8.x86_64.rpm  
aspnetcore-targeting-pack-7.0-7.0.9-1.el8_8.x86_64.rpm  
dotnet-7.0.109-1.el8_8.x86_64.rpm  
dotnet-apphost-pack-7.0-7.0.9-1.el8_8.x86_64.rpm  
dotnet-apphost-pack-7.0-debuginfo-7.0.9-1.el8_8.x86_64.rpm  
dotnet-host-7.0.9-1.el8_8.x86_64.rpm  
dotnet-host-debuginfo-7.0.9-1.el8_8.x86_64.rpm  
dotnet-hostfxr-7.0-7.0.9-1.el8_8.x86_64.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.9-1.el8_8.x86_64.rpm  
dotnet-runtime-7.0-7.0.9-1.el8_8.x86_64.rpm  
dotnet-runtime-7.0-debuginfo-7.0.9-1.el8_8.x86_64.rpm  
dotnet-sdk-7.0-7.0.109-1.el8_8.x86_64.rpm  
dotnet-sdk-7.0-debuginfo-7.0.109-1.el8_8.x86_64.rpm  
dotnet-targeting-pack-7.0-7.0.9-1.el8_8.x86_64.rpm  
dotnet-templates-7.0-7.0.109-1.el8_8.x86_64.rpm  
dotnet7.0-debuginfo-7.0.109-1.el8_8.x86_64.rpm  
dotnet7.0-debugsource-7.0.109-1.el8_8.x86_64.rpm  
netstandard-targeting-pack-2.1-7.0.109-1.el8_8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
dotnet-apphost-pack-7.0-debuginfo-7.0.9-1.el8_8.aarch64.rpm  
dotnet-host-debuginfo-7.0.9-1.el8_8.aarch64.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.9-1.el8_8.aarch64.rpm  
dotnet-runtime-7.0-debuginfo-7.0.9-1.el8_8.aarch64.rpm  
dotnet-sdk-7.0-debuginfo-7.0.109-1.el8_8.aarch64.rpm  
dotnet-sdk-7.0-source-built-artifacts-7.0.109-1.el8_8.aarch64.rpm  
dotnet7.0-debuginfo-7.0.109-1.el8_8.aarch64.rpm  
dotnet7.0-debugsource-7.0.109-1.el8_8.aarch64.rpm

ppc64le:  
dotnet-apphost-pack-7.0-debuginfo-7.0.9-1.el8_8.ppc64le.rpm  
dotnet-host-debuginfo-7.0.9-1.el8_8.ppc64le.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.9-1.el8_8.ppc64le.rpm  
dotnet-runtime-7.0-debuginfo-7.0.9-1.el8_8.ppc64le.rpm  
dotnet-sdk-7.0-debuginfo-7.0.109-1.el8_8.ppc64le.rpm  
dotnet-sdk-7.0-source-built-artifacts-7.0.109-1.el8_8.ppc64le.rpm  
dotnet7.0-debuginfo-7.0.109-1.el8_8.ppc64le.rpm  
dotnet7.0-debugsource-7.0.109-1.el8_8.ppc64le.rpm

s390x:  
dotnet-apphost-pack-7.0-debuginfo-7.0.9-1.el8_8.s390x.rpm  
dotnet-host-debuginfo-7.0.9-1.el8_8.s390x.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.9-1.el8_8.s390x.rpm  
dotnet-runtime-7.0-debuginfo-7.0.9-1.el8_8.s390x.rpm  
dotnet-sdk-7.0-debuginfo-7.0.109-1.el8_8.s390x.rpm  
dotnet-sdk-7.0-source-built-artifacts-7.0.109-1.el8_8.s390x.rpm  
dotnet7.0-debuginfo-7.0.109-1.el8_8.s390x.rpm  
dotnet7.0-debugsource-7.0.109-1.el8_8.s390x.rpm

x86_64:  
dotnet-apphost-pack-7.0-debuginfo-7.0.9-1.el8_8.x86_64.rpm  
dotnet-host-debuginfo-7.0.9-1.el8_8.x86_64.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.9-1.el8_8.x86_64.rpm  
dotnet-runtime-7.0-debuginfo-7.0.9-1.el8_8.x86_64.rpm  
dotnet-sdk-7.0-debuginfo-7.0.109-1.el8_8.x86_64.rpm  
dotnet-sdk-7.0-source-built-artifacts-7.0.109-1.el8_8.x86_64.rpm  
dotnet7.0-debuginfo-7.0.109-1.el8_8.x86_64.rpm  
dotnet7.0-debugsource-7.0.109-1.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-33170  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkr/6TAAoJENzjgjWX9erErocP/ixY1zXl9SDyKwMw0bBEhctt  
j/6F0UV/bSYSMx1cNIiLgHd2Ikw2tlRq7ABLtiGNRM/U8DIGHLMaUFAlhoGf151V  
zRbUIAwHDG6tY1XmhFbKFAjyI0LjFUAt8cgz1kzrgF3tQr4NJm7+jsps8NtLIFt2  
fJ9T7sA6ZHfEdzPO/nctACK1IGb9g4YTUW5sIWi7QFaTzsyi0FHmEu5pYQcXi8ew  
Jn8Zx8ODjhxEdXiVkNeIdWFNr7b/rLhI+PpyvDbX78JTGfDW+f40h6C6+nh73YsF  
qmre/qWnX5Df0MIKYLHvhhyJroG0TdO/J4QLM67Y6lPV4q/XldV9lv/QD8fz9RX4  
4u7K2GzZhvC2DynNIn222B8P6e0usyYgUWWU4m7uSAZPSuEmOhFwC5BYJ/zDXMSL  
7X/pNGP2F0X2QemiFeEmdRKYV+5wE/jduqWXEewtLkMC7kd/RXsIz48/KBlM6mA0  
hQlB6liU4sBor1p9KOO96aoDY3xe65O2wAmboek59GB3u86DJJZiOrmXKWWkD4vt  
3BG/lNRjpZn2Wo7fIQWsOXU3hVTEbwpq0PBxEZIiOzsHsLW2pZo5cR2/ZsqTz+8j  
vnVZMUkGXZFHbTxQAvMHnXswuS0DTP8rDK/B6vhq25cllM545Y/FxUg+kG6M+DGQ  
cBPA/r/Xsfj02cnYa+Zc  
=4ax+  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4058-01

Red Hat Security Advisory 2023-4065-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4065-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4065  
Issue date:        2023-07-13  
CVE Names:         CVE-2023-37201 CVE-2023-37202 CVE-2023-37207   
                   CVE-2023-37208 CVE-2023-37211   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.13.0.

Security Fix(es):

* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-37202)

* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and  
Thunderbird 102.13 (CVE-2023-37211)

* Mozilla: Fullscreen notification obscured (CVE-2023-37207)

* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation  
2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured  
2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files  
2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.13.0-2.el8_1.src.rpm

ppc64le:  
thunderbird-102.13.0-2.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.13.0-2.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.13.0-2.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.13.0-2.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.13.0-2.el8_1.x86_64.rpm  
thunderbird-debugsource-102.13.0-2.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37201  
https://access.redhat.com/security/cve/CVE-2023-37202  
https://access.redhat.com/security/cve/CVE-2023-37207  
https://access.redhat.com/security/cve/CVE-2023-37208  
https://access.redhat.com/security/cve/CVE-2023-37211  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkr/6PAAoJENzjgjWX9erEY2YQAJJ5zs2ZzqjvZtzoExTnO2Ph  
7OWp7LzAe7sqx8urFd/QMHiDQ0IDBj3MPzrvuGuOkno5QcN4eszKI+QhbjM8jadi  
g/cHq/9nS7sbbZbVdE7xNhb6cjHu8r7e54reuq+nrG/Mt1aAuhOnaTdQ7k8Ew9GA  
FNG3cId6po8HpTu/o6Fkx2DWnEmxpPeavKZpTllFQ93znqUfqs6y1yWEeLMRyRak  
ckrqCl4YcDbbFUHCkx65W1zVwwJJ9J1Y7yCUp3kq5l/PRsOEpaeEctY4P+5wT4n9  
eft075r3b/+DYIT+3guBWOTVvi8JHHqLfi2upO4kIF7RJx+cZmvqxvojOHCMk8H6  
5VZWMA5WvRe4mi5G/z28uhzSX/kMvDkEHmi4/xWANyvCPDtJP42GQnB6X2AGPad0  
IeamsuQTeV5g6xOs5U2tQwm5zMteZWTdCKqqpzBONGth5An2iBMZWlfvRM/HKO81  
JUTiOqsGiVklypMDWi+/wTns/vCHn0PEPf4XKvLV0JCIJyaqeRlH085j9ylXP8h1  
i25Pru1NiRtVmwsgapwo2nnyp+uuc8anUhmhcBGyNVaeEgSbxBNj24SYcP4hL3ww  
xdyIJlZQlb8ONFvSuUmlpeyGEoUdHPcWr0W0w8R3ge1DwLx64WhtZvU0i6XZ1DjQ  
U+ePBfKTBPlWsq0GWPhU  
=Zut7  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4065-01

Red Hat Security Advisory 2023-4075-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.13.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:4075-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4075  
Issue date:        2023-07-13  
CVE Names:         CVE-2023-37201 CVE-2023-37202 CVE-2023-37207   
                   CVE-2023-37208 CVE-2023-37211   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.4  
Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v.8.4) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.13.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-37202)

* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and  
Thunderbird 102.13 (CVE-2023-37211)

* Mozilla: Fullscreen notification obscured (CVE-2023-37207)

* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation  
2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured  
2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files  
2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v.8.4):

Source:  
firefox-102.13.0-2.el8_4.src.rpm

x86_64:  
firefox-102.13.0-2.el8_4.x86_64.rpm  
firefox-debuginfo-102.13.0-2.el8_4.x86_64.rpm  
firefox-debugsource-102.13.0-2.el8_4.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v.8.4):

Source:  
firefox-102.13.0-2.el8_4.src.rpm

aarch64:  
firefox-102.13.0-2.el8_4.aarch64.rpm  
firefox-debuginfo-102.13.0-2.el8_4.aarch64.rpm  
firefox-debugsource-102.13.0-2.el8_4.aarch64.rpm

ppc64le:  
firefox-102.13.0-2.el8_4.ppc64le.rpm  
firefox-debuginfo-102.13.0-2.el8_4.ppc64le.rpm  
firefox-debugsource-102.13.0-2.el8_4.ppc64le.rpm

s390x:  
firefox-102.13.0-2.el8_4.s390x.rpm  
firefox-debuginfo-102.13.0-2.el8_4.s390x.rpm  
firefox-debugsource-102.13.0-2.el8_4.s390x.rpm

x86_64:  
firefox-102.13.0-2.el8_4.x86_64.rpm  
firefox-debuginfo-102.13.0-2.el8_4.x86_64.rpm  
firefox-debugsource-102.13.0-2.el8_4.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v.8.4):

Source:  
firefox-102.13.0-2.el8_4.src.rpm

aarch64:  
firefox-102.13.0-2.el8_4.aarch64.rpm  
firefox-debuginfo-102.13.0-2.el8_4.aarch64.rpm  
firefox-debugsource-102.13.0-2.el8_4.aarch64.rpm

ppc64le:  
firefox-102.13.0-2.el8_4.ppc64le.rpm  
firefox-debuginfo-102.13.0-2.el8_4.ppc64le.rpm  
firefox-debugsource-102.13.0-2.el8_4.ppc64le.rpm

s390x:  
firefox-102.13.0-2.el8_4.s390x.rpm  
firefox-debuginfo-102.13.0-2.el8_4.s390x.rpm  
firefox-debugsource-102.13.0-2.el8_4.s390x.rpm

x86_64:  
firefox-102.13.0-2.el8_4.x86_64.rpm  
firefox-debuginfo-102.13.0-2.el8_4.x86_64.rpm  
firefox-debugsource-102.13.0-2.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37201  
https://access.redhat.com/security/cve/CVE-2023-37202  
https://access.redhat.com/security/cve/CVE-2023-37207  
https://access.redhat.com/security/cve/CVE-2023-37208  
https://access.redhat.com/security/cve/CVE-2023-37211  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkr/6MAAoJENzjgjWX9erEYtAP/R2AmzafdY60xfPvCgTCZCqx  
u8G9mloDscKUh/FY/ckBRYKQrOpt+QyUtE5TxKcAWAvIq0CUgZP//nlra1JXtS+B  
Wpd4gM5zv8VH8jJWunWZdnxSv+t2BS7eHDUiPbpeT/edMvPkpea0tMW+NHxYFypD  
eryZiI94a/qK+HZ6BeIMixb2Sd0FfnlhxrSPoQnRclxf5kICoNfm9FRUooaw94TV  
t96ninfUhzEJOhFOQ9QzmB4465imm/w4zTpKv7V5H9ZmqrChRRdglaY8XN+rS8mZ  
ArhskGnYBmGvXfEiTv4W57j4AkC24ljSOgQYKu7nI8jXrhTFKWC+OMzVS5mXIFQd  
heM2/tIeZQxWXQXFXRB8OoVgOd995oSb4on3CL2cu9rpb3Yg9IQqocmf665WtRwN  
aLTb4oDdcS0sKVUQDLKqFtwGNot2Oq8nBW/fbTi7Ogncs6n46T7OdwmRHtak9/gA  
HeW6ekBeYesnQbVaUKhJdSJQFXvAZ145fo8J089K8nLbdnQaycAOeatWCb+RRg7u  
AVkXGo/n7htQvXAQWzQ3IcdA6AyZDQvtcZAa7u2G7u7XFJqSTSDBZbs67+P3UGex  
LtyR2Zi75bytEtqKz3HOMlZiP1C+uY9MVcsuDx9zlfDo1S4YobacipA3VN8QSo0q  
3sG1tIa+GSXg+4/EJB+n  
=1a2O  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4075-01

Red Hat Security Advisory 2023-4067-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4067-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4067  
Issue date:        2023-07-13  
CVE Names:         CVE-2023-37201 CVE-2023-37202 CVE-2023-37207   
                   CVE-2023-37208 CVE-2023-37211   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.13.0.

Security Fix(es):

* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-37202)

* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and  
Thunderbird 102.13 (CVE-2023-37211)

* Mozilla: Fullscreen notification obscured (CVE-2023-37207)

* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation  
2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured  
2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files  
2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
thunderbird-102.13.0-2.el8_6.src.rpm

aarch64:  
thunderbird-102.13.0-2.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.13.0-2.el8_6.aarch64.rpm  
thunderbird-debugsource-102.13.0-2.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.13.0-2.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.13.0-2.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.13.0-2.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.13.0-2.el8_6.s390x.rpm  
thunderbird-debuginfo-102.13.0-2.el8_6.s390x.rpm  
thunderbird-debugsource-102.13.0-2.el8_6.s390x.rpm

x86_64:  
thunderbird-102.13.0-2.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.13.0-2.el8_6.x86_64.rpm  
thunderbird-debugsource-102.13.0-2.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37201  
https://access.redhat.com/security/cve/CVE-2023-37202  
https://access.redhat.com/security/cve/CVE-2023-37207  
https://access.redhat.com/security/cve/CVE-2023-37208  
https://access.redhat.com/security/cve/CVE-2023-37211  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkr/6EAAoJENzjgjWX9erEFB4P/ilAlODIkXUXOfteypiSSN6w  
39XzURofAYEyVw6oPB0q0wEcLSybH4tsOi5P53HN8+flUNdN4poM55ctjk7OycHb  
u1edAIcf7BrCLMjsT0dzArIP2j9WTniA15BSgC1tYGOEImQi6sBONUDox6e/td92  
M0G7mUdBj0PWwG8N5YYU1iDHo64PoNaumwjOdxBNoIb5smdRQzK50rZOqQqhBOBH  
a+CXL9TiaZlCoMyuHH0WRiQqFYpLhLZaSUZJBRfuvsCWeJhOsplkYMHwD3Cd57y8  
eQ4jJfDT5cvC3hTLxbsv7tJC1XG4hOr3+vyGmmRjFChgK22cBtUkFVwYYumgqNcL  
5UPCVxobPSvfaIlrzQLyZ9IWl26izChMR7wean4TO6LPtGMBTPgHbMr3ClEnHnch  
HD9kKRtGvXHkH+CocNWddFmGsS9IID0yXU2aWY+/NcDfkhD221Dg7X6pmGp7wUZC  
l6hPylGY0mBzl3mL9Bx7PIVvWryz+Fr4cq1j+aCcwToaBRnXcn/JsoexwUF5Xg2K  
RarMUncemPTfMg5l/nmLsakN1fpHkrUfSJZH1VvEyIJBm9Z/cHkHUHbtFTfu/jCx  
4A8pbvXrZ1cP6i3j7h/qSLc40bE0/d7mUh5OYzO3pg6RxAQF3zsYE+BVLyUUcrkL  
EOgL0EUUaoqqUyK0Tetc  
=t0XN  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#red_hat