Red Hat Security Advisory 2023-3157-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Critical.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Critical: Red Hat OpenStack Platform 17.0 security update  
Advisory ID:       RHSA-2023:3157-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3157  
Issue date:        2023-05-17  
CVE Names:         CVE-2023-2088  
====================================================================  
1. Summary:

An update for openstack-nova is now available for Red Hat OpenStack  
Platform 17.0 (Wallaby).

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 17.0 - noarch

3. Description:

Security Fix(es):

* EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's  
volumes (CVE-2023-2088)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2179587 - CVE-2023-2088 openstack-cinder: silently access other user's volumes

6. Package List:

Red Hat OpenStack Platform 17.0:

Source:  
openstack-cinder-18.2.1-0.20230509200451.1776695.el9ost.src.rpm  
openstack-nova-23.2.2-0.20221209190754.7074ac0.el9ost.src.rpm  
python-glance-store-2.5.1-0.20230509140449.5f1cee6.el9ost.src.rpm  
python-os-brick-4.3.3-0.20220715140803.d09dc9e.el9ost.src.rpm  
tripleo-ansible-3.3.1-0.20221208161844.fa5422f.el9ost.src.rpm

noarch:  
openstack-cinder-18.2.1-0.20230509200451.1776695.el9ost.noarch.rpm  
openstack-nova-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-api-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-common-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-compute-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-conductor-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-migration-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-novncproxy-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-scheduler-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-serialproxy-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-spicehtml5proxy-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
python3-cinder-18.2.1-0.20230509200451.1776695.el9ost.noarch.rpm  
python3-cinder-common-18.2.1-0.20230509200451.1776695.el9ost.noarch.rpm  
python3-glance-store-2.5.1-0.20230509140449.5f1cee6.el9ost.noarch.rpm  
python3-nova-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
python3-os-brick-4.3.3-0.20220715140803.d09dc9e.el9ost.noarch.rpm  
tripleo-ansible-3.3.1-0.20221208161844.fa5422f.el9ost.noarch.rpm

Red Hat OpenStack Platform 17.0:

Source:  
openstack-cinder-18.2.1-0.20230509200451.1776695.el9ost.src.rpm  
python-os-brick-4.3.3-0.20220715140803.d09dc9e.el9ost.src.rpm

noarch:  
python3-cinder-common-18.2.1-0.20230509200451.1776695.el9ost.noarch.rpm  
python3-os-brick-4.3.3-0.20220715140803.d09dc9e.el9ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2088  
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGRr29zjgjWX9erEAQiFGg//cXc2Fg7lFb4lDgVIYerUeMK0A/cYi+y2  
xLzzEJSeEnIaCF8lXUmrDgtMK1OClWF+vRNtur85wyMhcV2ZI7eIIcc955mhp7fX  
detgKsLQGjq0JbeKjqLX5BS8++bTY7ihSMLj6zW021Y+5r1J+jJ7/kmMjr5UCxwR  
edLDBX+eRohgLrrV64T9m1pp7/Qp/eaWrvSiyjy0souhkCMkQQSYJi0KOSYKrTE/  
wxQ52/crestZq7GcuDNBA2qWWOlWd2HCNaumE4VElUl5nGPiIXi8ylMqGu6tgxbF  
Aog0NVx9VILqO/VKIa7dqIQSVDHVZXASZ9HXMEcJ2S10nN2z4zeIYM0PUREjIp7K  
JVP0cAvlpbFURqanMaU2Un9tD9GBSbB+rKqD10xMZD0oWDDKSSgdhd9pmP/ghW/3  
4PK2IoS0iMX0nxX9MVLlXMU+0tZi2L+JCGrSe9fWmafGsPcspw+SvzJMIP8j/XYJ  
3l80kgg8Z5gZ7qcGVF6eZipUIyO5vTfPRMz/HhYYfizFVu2tp8OJ3d+cAxQ0Aezm  
cjPuGsIMX4NUOjsCtFjJxjE2jTsGE0X8LLbadyMF70vZxJY32M+fpAepHQ8VdwJS  
6uY4IqPmh2HEpB8t9vFQ8eUlOWX9+v5Cx3gLbnLicltfuwdyYsU4neVqDP1i4f/e  
xzHE7oP7yH4=BTlv  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3157-01

Red Hat Security Advisory 2023-3156-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Critical.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat OpenStack Platform 16.1 security update  
Advisory ID:       RHSA-2023:3156-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3156  
Issue date:        2023-05-17  
CVE Names:         CVE-2023-2088   
=====================================================================

1. Summary:

An update for openstack-nova is now available for Red Hat OpenStack  
Platform 16.1 (Train).

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

Security Fix(es):

* EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's  
volumes (CVE-2023-2088)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2179587 - CVE-2023-2088 openstack-cinder: silently access other user's volumes

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.src.rpm  
openstack-nova-20.4.1-1.20221005193232.el8ost.src.rpm  
python-glance-store-1.0.2-1.20220219073735.el8ost.src.rpm  
python-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.src.rpm

noarch:  
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm  
openstack-nova-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-api-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-common-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-compute-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-conductor-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-console-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-migration-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-novncproxy-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-scheduler-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-serialproxy-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-spicehtml5proxy-20.4.1-1.20221005193232.el8ost.noarch.rpm  
python3-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm  
python3-glance-store-1.0.2-1.20220219073735.el8ost.noarch.rpm  
python3-nova-20.4.1-1.20221005193232.el8ost.noarch.rpm  
python3-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:  
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.src.rpm  
python-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.src.rpm

noarch:  
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm  
python3-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm  
python3-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2088  
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGRr29zjgjWX9erEAQiVug//TcihV0I2Pf3ztuRxxZg10mh343oDhmKS  
kovBJNT8n5Cr+Vb6yXeVMrX8KNNfoaVuuI1A9tQCnck9H3KscAxVM3fO3T2rY7/p  
NqQ7S6B8nwoB9IK+AQjfZt6izlWlTs2C0T2u1JaSQBe+Cct0lJpCkSAba+UwHvu5  
kbQt6GaTbHASUs5zY5yat1RIOqhDYGemJYg6dsEmZVA2ZiBFVyT+N5f5o23xofZ4  
/ABji0DTlatWt8pGG7hbP00TDYyafswkIns3qnVDUP6PnB5wVhsDzpCHSWdTOuBw  
sREXOACYy5bXtM2MXdLWm8taafvFu60hnChjLsdtZ/+EV0B32lyDlH0aqi55Iatb  
NWAWg3B79aVul/CLwhrKmloZRiiyBQTWtLEpXIg5QU+ilF3gGfYX4ff7+PJeCJWW  
zZMFKY/oFrUbk+gFuID2qD3bwcS6oWqcjWzcHAm4dP1y4OcH5SvbHIrIwbdQF9QJ  
6W2mawKCMMsX5CUj9tH+NR4mz8aBuLHr4q7eupPkOlswZmrS57UotJl7NjTUNr7A  
C8/6Deo3UeQUTBH9Osfy0kUVp3xJxF+WwXDGCNqpKnLLMSE3omvNO8gQOiPooVXW  
OVjAa/ewsLo+WXUFY4C+w92pzC9Nh2KXj5e714KjNRFBoi2CIXcy0cfj2KlP5BVE  
xx1mmidLJHw=  
=1uh6  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3156-01

Red Hat Security Advisory 2023-3141-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:3141-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3141  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.11.0 ESR.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
firefox-102.11.0-2.el8_6.src.rpm

aarch64:  
firefox-102.11.0-2.el8_6.aarch64.rpm  
firefox-debuginfo-102.11.0-2.el8_6.aarch64.rpm  
firefox-debugsource-102.11.0-2.el8_6.aarch64.rpm

ppc64le:  
firefox-102.11.0-2.el8_6.ppc64le.rpm  
firefox-debuginfo-102.11.0-2.el8_6.ppc64le.rpm  
firefox-debugsource-102.11.0-2.el8_6.ppc64le.rpm

s390x:  
firefox-102.11.0-2.el8_6.s390x.rpm  
firefox-debuginfo-102.11.0-2.el8_6.s390x.rpm  
firefox-debugsource-102.11.0-2.el8_6.s390x.rpm

x86_64:  
firefox-102.11.0-2.el8_6.x86_64.rpm  
firefox-debuginfo-102.11.0-2.el8_6.x86_64.rpm  
firefox-debugsource-102.11.0-2.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXf9zjgjWX9erEAQiGJQ/+IbXk9s0LKLKZbhDerprRsgqOPXJIck0q  
eg1ZbODSbva9/Dj9Kq20hlxaYWAByAnoXz6M0r1jq+0GNu9yTpE0JOmxjonU8TPi  
ECXQ/UhERsjukGKM4RER6UvUeJfR40XHz679hiAMJ60AukkxXCw7lifGc1LHpdHk  
eWSHIC+t61sllmjCYTznjyFOm77oJiu4+l7U06m5CdCeA6w0VnXTQa25qrwzcqqK  
q02WTSvFhsQpcrF5zXSTjv9ft90lK92kn3b/LHwSHnGfOsi8nU9W7MrriVU+xRRY  
mkc09mABk3lizEUSSVszLW/Kai4twE2R8tArQ8GMzQL8RbLb8f0BOElWLdJUIIcp  
HJgXeAzI/1OMBUF6DMLruoZBUPu9VZfSAbbJjMOIrkblKKfDjBSV/tyuYhxnKVSI  
iFkZEAcnR1dTBHESf1NlAoJDJQPRbL6MfJN7kDyTHibyHeyogo2m09NnbC8RAnHh  
ajRGXuT+AjTSQbZ4fSsCEMQUBT3p+yMqxgeMbXGsHSZwKIMjFqbcHVKCdC690Hax  
KUK7Z8df0/GitY09CtUwe+/ixOqbEdBemhJdOtWizWoIZkqMez1EIKfGGzq30y7L  
bb48BRYyTEO/Hu8PRiUrZMCg/jucsxlEM6zfIXe83ixFbtk4yII6m3pMN/+R2OFN  
xTYEXUTCJdA=iQXv  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3141-01

Red Hat Security Advisory 2023-3154-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3154-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3154  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.11.0.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
thunderbird-102.11.0-1.el8_4.src.rpm

aarch64:  
thunderbird-102.11.0-1.el8_4.aarch64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_4.aarch64.rpm  
thunderbird-debugsource-102.11.0-1.el8_4.aarch64.rpm

ppc64le:  
thunderbird-102.11.0-1.el8_4.ppc64le.rpm  
thunderbird-debuginfo-102.11.0-1.el8_4.ppc64le.rpm  
thunderbird-debugsource-102.11.0-1.el8_4.ppc64le.rpm

s390x:  
thunderbird-102.11.0-1.el8_4.s390x.rpm  
thunderbird-debuginfo-102.11.0-1.el8_4.s390x.rpm  
thunderbird-debugsource-102.11.0-1.el8_4.s390x.rpm

x86_64:  
thunderbird-102.11.0-1.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_4.x86_64.rpm  
thunderbird-debugsource-102.11.0-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXkdzjgjWX9erEAQjuShAAkWX1DSw3Bmb5UQn4/AmVHwBNP3Iduf6L  
l9K0TPID9emj5PFXmatAooRp0G8GpCbdFhnan75SYmhSFu692gIXQ8BskfA94BMV  
7T65knnLu18HX5G/tn7KAVI5WGz7YeL6kf/V9QS5S8WHx7NjUMqmbyCqXVMbjk1F  
DSFtEBbnYb3vzmzC3/zBoRWJ6417v/I3jjLaGYpuCNuVULfMImsfEAXNHGYg6bor  
om/EYGrbTCERFp/m93wBDisKCN5ZsWcwF80xlZNhxp19F5jp38YcyYJNRiT7h4yy  
j/2nn9fEl7yaCJxJL67sNXnkNOpFX9iu3pPmSDmWxiIm8Bups0FrwyMN8DVpMjR0  
1R7pdyuZZ2UHyEf2cqgbOmvOUXKWbSMcUa/QhQnPYn85/9X5XMm7e9AYlm3c9D83  
HB8ot69f1386XXgm55YY7aFI3M90EWc8XryZmqTAVCl6iWCfgPLUoekjvs9aOZcf  
VA0oF/vpIK0VDldgB+7Y/weaZjvy7jdLibzWHlfboRVGz67UispcTARTEAHWOicj  
+izOVINgCz2z8uqrMzE1JXZDondx0ODkyCzJo09oNyW+T6dPHuypkW5SuNk+I+gZ  
qDs4OGEFXVNZXJI6cs6MbyFDJL09U1HenrXySi4sCOfVBNLtdowXowGvszyAEtC0  
gQ+czWiDOnE=5rLU  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3154-01

Red Hat Security Advisory 2023-3155-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3155-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3155  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.11.0.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
thunderbird-102.11.0-1.el8_6.src.rpm

aarch64:  
thunderbird-102.11.0-1.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_6.aarch64.rpm  
thunderbird-debugsource-102.11.0-1.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.11.0-1.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.11.0-1.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.11.0-1.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.11.0-1.el8_6.s390x.rpm  
thunderbird-debuginfo-102.11.0-1.el8_6.s390x.rpm  
thunderbird-debugsource-102.11.0-1.el8_6.s390x.rpm

x86_64:  
thunderbird-102.11.0-1.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_6.x86_64.rpm  
thunderbird-debugsource-102.11.0-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXqtzjgjWX9erEAQgLGw/+Nms5Ev0EIc+b4UVd1YnUR5FFjvNXquvt  
WR9NpsXrjMMjQQ5kHZCcvSopeWsWA0G2uCa7vY/8MMCQvXU+8gN1J1QaqbAsIQmK  
azKRn5B1pemKMW98XyxnOO9J6u0N+zBrLnLFYTuWVPZwTqZjRJ+MIv2cMQM3vM+2  
1N+5ElLTNVzkExNBro8ylOGZthcAqAMVYXpf2hDW0JZoToJA3toMjXwdjiJcewmg  
VSFi6iM8KaYepUkwDOPRg/GyzTd6mNe+kaLgLHs46Z3CN8pT3r05kftHLF7Qh2Ua  
qIpPRjqW9I88YFRF1dgxk45I6CcGDoCTDjWYW8c28nOKO9Ntop/XqIZTyKjgZjpW  
DKINKnpru38Xn9+ilkSLL3MI3FQMcI/3bZMIFH/BtiQbu4pPiWeysmP2BiRP8sRm  
I1D7mcavFG5o3k0xnW8/AwMx2es+4TuQnIXz70b0tW/U8TrbW3HWWtQA3Sba+nHe  
zF+AoMjJ4UxlPY0EE1EQ6/M0adp3niumP15Xy625ywXdN4toyra1MBsBqJcx3AiZ  
1jyK1TTgzMCBkftw/96ojdGTU5JiFfHSb0l4uONykI1sw79AhmzjFvrC1xn5L4Kj  
k1V4jhsLx74BWG7++TGwUyxkTXSucu0qxHtAv7KhxmiELs/9qVt58zA+p3wjO/z4  
RF3PcjF94kw=fLdi  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3155-01

Red Hat Security Advisory 2023-3142-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:3142-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3142  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.11.0 ESR.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
firefox-102.11.0-2.el9_0.src.rpm

aarch64:  
firefox-102.11.0-2.el9_0.aarch64.rpm  
firefox-debuginfo-102.11.0-2.el9_0.aarch64.rpm  
firefox-debugsource-102.11.0-2.el9_0.aarch64.rpm

ppc64le:  
firefox-102.11.0-2.el9_0.ppc64le.rpm  
firefox-debuginfo-102.11.0-2.el9_0.ppc64le.rpm  
firefox-debugsource-102.11.0-2.el9_0.ppc64le.rpm

s390x:  
firefox-102.11.0-2.el9_0.s390x.rpm  
firefox-debuginfo-102.11.0-2.el9_0.s390x.rpm  
firefox-debugsource-102.11.0-2.el9_0.s390x.rpm

x86_64:  
firefox-102.11.0-2.el9_0.x86_64.rpm  
firefox-debuginfo-102.11.0-2.el9_0.x86_64.rpm  
firefox-debugsource-102.11.0-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXiNzjgjWX9erEAQiRXBAAiVIUbn7dOf2NutaLOvipz864YOInXgvg  
DBBWDy4c5i7SlkDPst2YcxDnhKv4k9aj9HUDcNEL8eYgSR6l7brPPj2SSMQdlfCe  
gc0F0E6kHqPzkZ8EO4OCjQHUCfYYKlHRWCqCXRpYYCL0At9XZsk2Br1NsSqnRk3H  
lh9uGVrq56NJcJwjQHKVDrN/jXTDGTzPgqyLMmIUiVh5eTipYnkisRIEAjhRK9Rz  
MDeoIBdywRk6W4uKpNBtj2Q4CdiHJ2RNTjFvtdpYzxUqCdRp1/9G7hz/LRwR8Hnc  
k83snO3fALH46af/hLFej1GZir3EhpG8zJMkOqxtivGd+ly36Ba1iEOeodUxYGh1  
ebjmdj2dGWsaedhxwMy2hDWMoVjXu4629VpnuSJdsxptTxraMGGkyZB0TRSMAGEZ  
NiXXLEUGVWqgq8dOii4vefq75IzSXGUwPguts0jUpxLJG2RhA1M+Uqu0UH7MPdOB  
UKGu+mW5eRHBs62v8ntu6kG6qMw4LpAKAX0Yc/2vBsqJqMaXjoHN5tmrl9oUQKvj  
7FtoaTGl+2RF9zLKUi2LSeQrTws92duNWomoAY8DC6ks0PS0zmLXi8OnX/PLIl6q  
zGo+wLaUqOv+lZmSYx/r58e1pFQoaHvsbPO1yy49s8mUlXS18HmMDVyraiBEnMsC  
6uKZMJvihQI=G9dm  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3142-01

Red Hat Security Advisory 2023-3145-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: apr-util security update  
Advisory ID:       RHSA-2023:3145-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3145  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-25147  
====================================================================  
1. Summary:

An update for apr-util is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The Apache Portable Runtime (APR) is a portability library used by the  
Apache HTTP Server and other projects. apr-util is a library which provides  
additional utility interfaces for APR; including support for XML parsing,  
LDAP, database interfaces, URI parsing, and more.

Security Fix(es):

* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for  
this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
apr-util-1.5.2-6.el7_9.1.src.rpm

x86_64:  
apr-util-1.5.2-6.el7_9.1.i686.rpm  
apr-util-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm  
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
apr-util-1.5.2-6.el7_9.1.src.rpm

x86_64:  
apr-util-1.5.2-6.el7_9.1.i686.rpm  
apr-util-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm  
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
apr-util-1.5.2-6.el7_9.1.src.rpm

ppc64:  
apr-util-1.5.2-6.el7_9.1.ppc.rpm  
apr-util-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-devel-1.5.2-6.el7_9.1.ppc.rpm  
apr-util-devel-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.ppc64.rpm

ppc64le:  
apr-util-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-devel-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.ppc64le.rpm

s390x:  
apr-util-1.5.2-6.el7_9.1.s390.rpm  
apr-util-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.s390.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-devel-1.5.2-6.el7_9.1.s390.rpm  
apr-util-devel-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.s390x.rpm

x86_64:  
apr-util-1.5.2-6.el7_9.1.i686.rpm  
apr-util-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm  
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-nss-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.ppc64.rpm

ppc64le:  
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-nss-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.ppc64le.rpm

s390x:  
apr-util-debuginfo-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-nss-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.s390x.rpm

x86_64:  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
apr-util-1.5.2-6.el7_9.1.src.rpm

x86_64:  
apr-util-1.5.2-6.el7_9.1.i686.rpm  
apr-util-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm  
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-25147  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQX0NzjgjWX9erEAQgRyQ//dcncRu48Jh6moW96jAzVAd5aO1+ZC04/  
o3sqB/de75bp2ISpOCKFsTO5iRY8q4O3pXM5ZBXpVvOmnCfUdBfZDYqrirp0EJGJ  
cbC+p46UdjV6VltZVjK10BG6D2YozMLtyMOOvK4CMYhqlbYRkznkzCsY8CFayANU  
bbBwkDSPFhpoVZHrnxBkXa0jJM25Bt4DD1lmrWsBI46J1Y0PQOdRo0r1gC7jX+EP  
tP1GDnAwdN/e70/wCuehr92Y+idv8Ngbsc71pt0siWh3A3kgMIHy6+QZiZUWW8Zo  
koUSIL9YEgCQ70TAdOSqH2P4Gq2g9CzA/NyB1Kt+AFdpkV4Q+SWrSVbommhI/BeY  
zV20beFPZ+QAS8ddPl/GKWPmpGsTakDIkA1dmo8y7F7S4AXDk8zFqOt5yu4i6e0j  
GL8DHm3mIE2N4DJRFb8lLJ2QN9QQDzlIQg/v3hw+6P8dEiZb/ajh8H92zwlmoH/r  
W3UWyym5l3OvnEFIGqHPY8mBodZhYp/F7WfgsFP2hxjwWuGcpwUW2MBZ0PbIB31l  
Wrx6nJoHMV3tgGEkEIZ7IjRtj/JEP3/y+rFa1GNtp+/3KLpx+fgHFcIg7ESz+h5Z  
1vkti/h/dqn4DDuJ24z9yuSYX8TtRPk0oQJC5twRJHn2zfAdc+z/lgH32USwImTJ  
vgTT/CsNs2s=+nCK  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3145-01

Red Hat Security Advisory 2023-3152-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3152-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3152  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.11.0.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.11.0-1.el8_1.src.rpm

ppc64le:  
thunderbird-102.11.0-1.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.11.0-1.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.11.0-1.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.11.0-1.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_1.x86_64.rpm  
thunderbird-debugsource-102.11.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXiNzjgjWX9erEAQiHWw//ajvOZcTDGCJ+4O4WOLrInKQl1QUrneko  
4jfE8vi/IOiFFEvdl8oGYj1rROVVBmsR0R1hesHm76AHcCvqXcXQJNRx3k2zFkFU  
VFwkBFq4kkdmdAM08ZVY/oRz6BEqJT+yD4HxkIXwSi32U8i/bIl1W+g8Pw/2a99W  
lbwnoGPbnKMBDtQggpiSFVhDDHnamUkAVYUj6R2v9Q7BwFA9Hm4ir7+6/jbNUzZG  
jM3wllzLPp1Lhi+KzQosL09SKQPJ2rRbc4seBLTRFFdylu1qt6zB/qa+VHbcfByn  
mnVHnN95tj4DPhOxEDC5jfCKOC16+bXSK5x71ClaCjf6DwIqy6zpPredt1HMxB/U  
Q6oxhiMn9+N4/zoslO/5SpbPGibPQ5a+aiHHOlEY9LNlckKFFjxC1LnKxwV0pomV  
JPVtS1sLZuHpUI34hHDid9auwoeqzKEFEcJAkqtESXOHN8BhvSZfP5yiDbm5mKu7  
jHphcOvxt935M8pEc5zYHOumcKCiDD8Wug2TlGL9WNZglqKw03NRxDFIaFy0GMLX  
h2Zg4tts+2zgOe2ESYb44S0m9v4273eSgyMflbY89eFYnzTGdswiAr30cVRDnyvR  
L2Sn7eyNIeK73/OcH4btiuAEC0EXw/o+YKDk5GnDPNvRHp9nqvL6PhT36CX3wO4R  
0NGifNvNLUM=Noqz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3152-01

Red Hat Security Advisory 2023-3138-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:3138-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3138  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.11.0 ESR.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
firefox-102.11.0-2.el8_1.src.rpm

ppc64le:  
firefox-102.11.0-2.el8_1.ppc64le.rpm  
firefox-debuginfo-102.11.0-2.el8_1.ppc64le.rpm  
firefox-debugsource-102.11.0-2.el8_1.ppc64le.rpm

x86_64:  
firefox-102.11.0-2.el8_1.x86_64.rpm  
firefox-debuginfo-102.11.0-2.el8_1.x86_64.rpm  
firefox-debugsource-102.11.0-2.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXc9zjgjWX9erEAQgQLQ//WDSrnqY65X9Z7UuItp6kvlGnIVeIplBE  
8AnuFdw9Np9RMRD8HfuUotRbFCtqiv4N/hUiNIKsfIh4R9lydALWZDlgIrjzPOLY  
KZXjs1JVJcqNcCKZxpCLxyamqR6MIqetD2HkcxrApGWphPRsYnvSmwKaHggAONw/  
DpRHa6VyYlA3BFT/cG5zwnNz9HVAl26aEIo0CooDdNvAYzv0kcjSO/pgC/Zrw4OG  
hnSfSDmVfWQedc9v1UqiAbQUsMfbN8lDj/c1T89laGyZZIJe5h5dG+lOVDdpAOSF  
XTYY595TouGFrcx7OBXRJHTAxxBaNwbMgfQExfDKKX3GRQ9LLbNcCC4wKhcM10Gj  
j4CFBnBQIK5ktYV+hCofPjLZuluF9tQxK9rmgFbttl0dNghQUOAZZ02ZEzsstdzQ  
cap9ZeJHUEuABrBepJH6jBgXyj0Ih2vKyh+0EsF+uhmoCSe6i48vwxWZs1Ns1HGu  
8Wl2jQ2DV2gsQTagPBtDRRALD6iNuvS1ukEQ9a4/m+f4UnrvqP3FIDvwH7kyA8j/  
xZ+aTatzqvDmyU8ObhyNXAc9SIJ2uU1B2oIP9gEi2w65q+VAG0nT1U3ujtFTZHVp  
2v0eKPKM5Sj0KKMbyZsrp+9Ay9YQ7/b+Pk4QBJsjnNOBBINsFRZc/1ToDGQwsoqB  
M3/zADpjqCc=Y/u0  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3138-01

Red Hat Security Advisory 2023-3147-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: apr-util security update  
Advisory ID:       RHSA-2023:3147-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3147  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-25147  
====================================================================  
1. Summary:

An update for apr-util is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Apache Portable Runtime (APR) is a portability library used by the  
Apache HTTP Server and other projects. apr-util is a library which provides  
additional utility interfaces for APR; including support for XML parsing,  
LDAP, database interfaces, URI parsing, and more.

Security Fix(es):

* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for  
this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
apr-util-1.6.1-20.el9_2.1.src.rpm

aarch64:  
apr-util-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-bdb-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-bdb-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-debugsource-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-devel-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-ldap-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-ldap-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-mysql-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-mysql-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-odbc-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-odbc-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-openssl-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-openssl-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-pgsql-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-pgsql-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-sqlite-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-sqlite-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm

ppc64le:  
apr-util-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-bdb-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-bdb-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-debugsource-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-devel-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-ldap-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-ldap-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-mysql-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-mysql-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-odbc-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-odbc-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-openssl-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-openssl-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-pgsql-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-pgsql-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-sqlite-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-sqlite-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm

s390x:  
apr-util-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-bdb-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-bdb-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-debugsource-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-devel-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-ldap-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-ldap-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-mysql-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-mysql-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-odbc-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-odbc-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-openssl-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-openssl-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-pgsql-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-pgsql-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-sqlite-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-sqlite-debuginfo-1.6.1-20.el9_2.1.s390x.rpm

x86_64:  
apr-util-1.6.1-20.el9_2.1.i686.rpm  
apr-util-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-bdb-1.6.1-20.el9_2.1.i686.rpm  
apr-util-bdb-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-bdb-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-bdb-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-debugsource-1.6.1-20.el9_2.1.i686.rpm  
apr-util-debugsource-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-devel-1.6.1-20.el9_2.1.i686.rpm  
apr-util-devel-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-ldap-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-ldap-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-ldap-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-mysql-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-mysql-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-mysql-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-odbc-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-odbc-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-odbc-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-openssl-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-openssl-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-openssl-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-pgsql-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-pgsql-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-pgsql-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-sqlite-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-sqlite-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-sqlite-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-25147  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXqtzjgjWX9erEAQjKfxAAi9nkw6scvMzD7KVjI2+BZrNp2RmTLuhO  
Gc/m7y7+XV3ZE8tfMb2GdjvTvR6/p9V/J5LX7/hBQ03/EIVjNmv5IbLi4bDsBw2e  
yUpQk2SOdZNhFs7jKeEMHq6fgkYxkeOWLkttH19MZmNv8n8I9X8rQl+KHtUPJ5HZ  
fYtm+oV28kQFkbGIHErZ094KsJKc0Dqsvypf+ywDDXaCqwiK0FU541GWNFiCB7kz  
ncKd6MsZla/az/+vu9dOMrZYTu9bfiEL0smI8XfXwpdo1xC+XNmkNlAkSq2e3paw  
rWhriq3P2Fstjp5Fuz6TksV8b4D86PdP3b2d3VcHHdfnZnMfNy+oYtJoPxo/krJ/  
48SY0BbLgSGRgPeUTjwCh1RUaR9BfIys02TuTnoi4ORKCvQ96Rz2bMlwk+Cdtm6V  
DHbgKn11Morh8ge2myVEOfqaDzAIhLQdLMe7d34fQdKqmQH1A60fCwkQvyUC7BqR  
LLzX6uJUH3hUHmFS05RxqfPu+Bwjp3DYn8+G3pGBLs3hKZqEHVy6ObFQx44Dbuc3  
HLFVizZddN8nDqnBP9VGNdizEnDOKhK5XclCzR58JHTQJzgsvNdKX42N/fmSF4vm  
6256481Doepc67tjtx3bw6vstM+hq9s97Yq7gr1TDR9oTrVZiS6Han7eWK0oSrKk  
ptqJa8LgcIE=yPCQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#red_hat