Red Hat Security Advisory 2022-5622-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include a privilege escalation vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: container-tools:rhel8 security and bug fix update  
Advisory ID:       RHSA-2022:5622-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5622  
Issue date:        2022-07-19  
CVE Names:         CVE-2022-1227  
====================================================================  
1. Summary:

An update for the container-tools:rhel8 module is now available for Red Hat  
Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The container-tools module contains tools for working with containers,  
notably podman, buildah, skopeo, and runc.

Security Fix(es):

* psgo: Privilege escalation in 'podman top' (CVE-2022-1227)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* ubi9-beta/ubi-minimal has a broken microdnf (g_system_thread_new fatal  
error) (BZ#2095808)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2070368 - CVE-2022-1227 psgo: Privilege escalation in 'podman top'  
2095808 - ubi9-beta/ubi-minimal has a broken microdnf (g_system_thread_new fatal error) [rhel-8.4.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
buildah-1.21.4-3.module+el8.4.0+15741+47bb6bfe.src.rpm  
cockpit-podman-32-2.module+el8.4.0+14908+81312c48.src.rpm  
conmon-2.0.29-1.module+el8.4.0+14908+81312c48.src.rpm  
container-selinux-2.167.0-1.module+el8.4.0+14908+81312c48.src.rpm  
containernetworking-plugins-0.9.1-1.module+el8.4.0+14908+81312c48.src.rpm  
criu-3.15-1.module+el8.4.0+14908+81312c48.src.rpm  
crun-0.20.1-1.module+el8.4.0+14908+81312c48.src.rpm  
fuse-overlayfs-1.6-1.module+el8.4.0+14908+81312c48.src.rpm  
libslirp-4.3.1-1.module+el8.4.0+14908+81312c48.src.rpm  
oci-seccomp-bpf-hook-1.2.3-2.module+el8.4.0+14908+81312c48.src.rpm  
podman-3.2.3-0.12.module+el8.4.0+14908+81312c48.src.rpm  
runc-1.0.0-74.rc95.module+el8.4.0+14908+81312c48.src.rpm  
skopeo-1.3.1-7.module+el8.4.0+15741+47bb6bfe.src.rpm  
slirp4netns-1.1.8-1.module+el8.4.0+14908+81312c48.src.rpm  
toolbox-0.0.8-1.module+el8.4.0+14908+81312c48.src.rpm  
udica-0.2.4-2.module+el8.4.0+14908+81312c48.src.rpm

aarch64:  
buildah-1.21.4-3.module+el8.4.0+15741+47bb6bfe.aarch64.rpm  
buildah-debuginfo-1.21.4-3.module+el8.4.0+15741+47bb6bfe.aarch64.rpm  
buildah-debugsource-1.21.4-3.module+el8.4.0+15741+47bb6bfe.aarch64.rpm  
buildah-tests-1.21.4-3.module+el8.4.0+15741+47bb6bfe.aarch64.rpm  
buildah-tests-debuginfo-1.21.4-3.module+el8.4.0+15741+47bb6bfe.aarch64.rpm  
conmon-2.0.29-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
conmon-debuginfo-2.0.29-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
conmon-debugsource-2.0.29-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
containernetworking-plugins-0.9.1-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
containernetworking-plugins-debuginfo-0.9.1-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
containernetworking-plugins-debugsource-0.9.1-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
containers-common-1.3.1-7.module+el8.4.0+15741+47bb6bfe.aarch64.rpm  
crit-3.15-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
criu-3.15-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
criu-debuginfo-3.15-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
criu-debugsource-3.15-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
crun-0.20.1-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
crun-debuginfo-0.20.1-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
crun-debugsource-0.20.1-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
fuse-overlayfs-1.6-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
fuse-overlayfs-debuginfo-1.6-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
fuse-overlayfs-debugsource-1.6-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
libslirp-4.3.1-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
libslirp-debuginfo-4.3.1-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
libslirp-debugsource-4.3.1-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
libslirp-devel-4.3.1-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
oci-seccomp-bpf-hook-1.2.3-2.module+el8.4.0+14908+81312c48.aarch64.rpm  
oci-seccomp-bpf-hook-debuginfo-1.2.3-2.module+el8.4.0+14908+81312c48.aarch64.rpm  
oci-seccomp-bpf-hook-debugsource-1.2.3-2.module+el8.4.0+14908+81312c48.aarch64.rpm  
podman-3.2.3-0.12.module+el8.4.0+14908+81312c48.aarch64.rpm  
podman-catatonit-3.2.3-0.12.module+el8.4.0+14908+81312c48.aarch64.rpm  
podman-catatonit-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.aarch64.rpm  
podman-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.aarch64.rpm  
podman-debugsource-3.2.3-0.12.module+el8.4.0+14908+81312c48.aarch64.rpm  
podman-plugins-3.2.3-0.12.module+el8.4.0+14908+81312c48.aarch64.rpm  
podman-plugins-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.aarch64.rpm  
podman-remote-3.2.3-0.12.module+el8.4.0+14908+81312c48.aarch64.rpm  
podman-remote-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.aarch64.rpm  
podman-tests-3.2.3-0.12.module+el8.4.0+14908+81312c48.aarch64.rpm  
python3-criu-3.15-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
runc-1.0.0-74.rc95.module+el8.4.0+14908+81312c48.aarch64.rpm  
runc-debuginfo-1.0.0-74.rc95.module+el8.4.0+14908+81312c48.aarch64.rpm  
runc-debugsource-1.0.0-74.rc95.module+el8.4.0+14908+81312c48.aarch64.rpm  
skopeo-1.3.1-7.module+el8.4.0+15741+47bb6bfe.aarch64.rpm  
skopeo-debuginfo-1.3.1-7.module+el8.4.0+15741+47bb6bfe.aarch64.rpm  
skopeo-debugsource-1.3.1-7.module+el8.4.0+15741+47bb6bfe.aarch64.rpm  
skopeo-tests-1.3.1-7.module+el8.4.0+15741+47bb6bfe.aarch64.rpm  
slirp4netns-1.1.8-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
slirp4netns-debuginfo-1.1.8-1.module+el8.4.0+14908+81312c48.aarch64.rpm  
slirp4netns-debugsource-1.1.8-1.module+el8.4.0+14908+81312c48.aarch64.rpm

noarch:  
cockpit-podman-32-2.module+el8.4.0+14908+81312c48.noarch.rpm  
container-selinux-2.167.0-1.module+el8.4.0+14908+81312c48.noarch.rpm  
podman-docker-3.2.3-0.12.module+el8.4.0+14908+81312c48.noarch.rpm  
toolbox-0.0.8-1.module+el8.4.0+14908+81312c48.noarch.rpm  
udica-0.2.4-2.module+el8.4.0+14908+81312c48.noarch.rpm

ppc64le:  
buildah-1.21.4-3.module+el8.4.0+15741+47bb6bfe.ppc64le.rpm  
buildah-debuginfo-1.21.4-3.module+el8.4.0+15741+47bb6bfe.ppc64le.rpm  
buildah-debugsource-1.21.4-3.module+el8.4.0+15741+47bb6bfe.ppc64le.rpm  
buildah-tests-1.21.4-3.module+el8.4.0+15741+47bb6bfe.ppc64le.rpm  
buildah-tests-debuginfo-1.21.4-3.module+el8.4.0+15741+47bb6bfe.ppc64le.rpm  
conmon-2.0.29-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
conmon-debuginfo-2.0.29-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
conmon-debugsource-2.0.29-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
containernetworking-plugins-0.9.1-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
containernetworking-plugins-debuginfo-0.9.1-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
containernetworking-plugins-debugsource-0.9.1-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
containers-common-1.3.1-7.module+el8.4.0+15741+47bb6bfe.ppc64le.rpm  
crit-3.15-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
criu-3.15-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
criu-debuginfo-3.15-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
criu-debugsource-3.15-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
crun-0.20.1-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
crun-debuginfo-0.20.1-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
crun-debugsource-0.20.1-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
fuse-overlayfs-1.6-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
fuse-overlayfs-debuginfo-1.6-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
fuse-overlayfs-debugsource-1.6-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
libslirp-4.3.1-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
libslirp-debuginfo-4.3.1-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
libslirp-debugsource-4.3.1-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
libslirp-devel-4.3.1-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
oci-seccomp-bpf-hook-1.2.3-2.module+el8.4.0+14908+81312c48.ppc64le.rpm  
oci-seccomp-bpf-hook-debuginfo-1.2.3-2.module+el8.4.0+14908+81312c48.ppc64le.rpm  
oci-seccomp-bpf-hook-debugsource-1.2.3-2.module+el8.4.0+14908+81312c48.ppc64le.rpm  
podman-3.2.3-0.12.module+el8.4.0+14908+81312c48.ppc64le.rpm  
podman-catatonit-3.2.3-0.12.module+el8.4.0+14908+81312c48.ppc64le.rpm  
podman-catatonit-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.ppc64le.rpm  
podman-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.ppc64le.rpm  
podman-debugsource-3.2.3-0.12.module+el8.4.0+14908+81312c48.ppc64le.rpm  
podman-plugins-3.2.3-0.12.module+el8.4.0+14908+81312c48.ppc64le.rpm  
podman-plugins-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.ppc64le.rpm  
podman-remote-3.2.3-0.12.module+el8.4.0+14908+81312c48.ppc64le.rpm  
podman-remote-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.ppc64le.rpm  
podman-tests-3.2.3-0.12.module+el8.4.0+14908+81312c48.ppc64le.rpm  
python3-criu-3.15-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
runc-1.0.0-74.rc95.module+el8.4.0+14908+81312c48.ppc64le.rpm  
runc-debuginfo-1.0.0-74.rc95.module+el8.4.0+14908+81312c48.ppc64le.rpm  
runc-debugsource-1.0.0-74.rc95.module+el8.4.0+14908+81312c48.ppc64le.rpm  
skopeo-1.3.1-7.module+el8.4.0+15741+47bb6bfe.ppc64le.rpm  
skopeo-debuginfo-1.3.1-7.module+el8.4.0+15741+47bb6bfe.ppc64le.rpm  
skopeo-debugsource-1.3.1-7.module+el8.4.0+15741+47bb6bfe.ppc64le.rpm  
skopeo-tests-1.3.1-7.module+el8.4.0+15741+47bb6bfe.ppc64le.rpm  
slirp4netns-1.1.8-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
slirp4netns-debuginfo-1.1.8-1.module+el8.4.0+14908+81312c48.ppc64le.rpm  
slirp4netns-debugsource-1.1.8-1.module+el8.4.0+14908+81312c48.ppc64le.rpm

s390x:  
buildah-1.21.4-3.module+el8.4.0+15741+47bb6bfe.s390x.rpm  
buildah-debuginfo-1.21.4-3.module+el8.4.0+15741+47bb6bfe.s390x.rpm  
buildah-debugsource-1.21.4-3.module+el8.4.0+15741+47bb6bfe.s390x.rpm  
buildah-tests-1.21.4-3.module+el8.4.0+15741+47bb6bfe.s390x.rpm  
buildah-tests-debuginfo-1.21.4-3.module+el8.4.0+15741+47bb6bfe.s390x.rpm  
conmon-2.0.29-1.module+el8.4.0+14908+81312c48.s390x.rpm  
conmon-debuginfo-2.0.29-1.module+el8.4.0+14908+81312c48.s390x.rpm  
conmon-debugsource-2.0.29-1.module+el8.4.0+14908+81312c48.s390x.rpm  
containernetworking-plugins-0.9.1-1.module+el8.4.0+14908+81312c48.s390x.rpm  
containernetworking-plugins-debuginfo-0.9.1-1.module+el8.4.0+14908+81312c48.s390x.rpm  
containernetworking-plugins-debugsource-0.9.1-1.module+el8.4.0+14908+81312c48.s390x.rpm  
containers-common-1.3.1-7.module+el8.4.0+15741+47bb6bfe.s390x.rpm  
crit-3.15-1.module+el8.4.0+14908+81312c48.s390x.rpm  
criu-3.15-1.module+el8.4.0+14908+81312c48.s390x.rpm  
criu-debuginfo-3.15-1.module+el8.4.0+14908+81312c48.s390x.rpm  
criu-debugsource-3.15-1.module+el8.4.0+14908+81312c48.s390x.rpm  
crun-0.20.1-1.module+el8.4.0+14908+81312c48.s390x.rpm  
crun-debuginfo-0.20.1-1.module+el8.4.0+14908+81312c48.s390x.rpm  
crun-debugsource-0.20.1-1.module+el8.4.0+14908+81312c48.s390x.rpm  
fuse-overlayfs-1.6-1.module+el8.4.0+14908+81312c48.s390x.rpm  
fuse-overlayfs-debuginfo-1.6-1.module+el8.4.0+14908+81312c48.s390x.rpm  
fuse-overlayfs-debugsource-1.6-1.module+el8.4.0+14908+81312c48.s390x.rpm  
libslirp-4.3.1-1.module+el8.4.0+14908+81312c48.s390x.rpm  
libslirp-debuginfo-4.3.1-1.module+el8.4.0+14908+81312c48.s390x.rpm  
libslirp-debugsource-4.3.1-1.module+el8.4.0+14908+81312c48.s390x.rpm  
libslirp-devel-4.3.1-1.module+el8.4.0+14908+81312c48.s390x.rpm  
oci-seccomp-bpf-hook-1.2.3-2.module+el8.4.0+14908+81312c48.s390x.rpm  
oci-seccomp-bpf-hook-debuginfo-1.2.3-2.module+el8.4.0+14908+81312c48.s390x.rpm  
oci-seccomp-bpf-hook-debugsource-1.2.3-2.module+el8.4.0+14908+81312c48.s390x.rpm  
podman-3.2.3-0.12.module+el8.4.0+14908+81312c48.s390x.rpm  
podman-catatonit-3.2.3-0.12.module+el8.4.0+14908+81312c48.s390x.rpm  
podman-catatonit-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.s390x.rpm  
podman-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.s390x.rpm  
podman-debugsource-3.2.3-0.12.module+el8.4.0+14908+81312c48.s390x.rpm  
podman-plugins-3.2.3-0.12.module+el8.4.0+14908+81312c48.s390x.rpm  
podman-plugins-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.s390x.rpm  
podman-remote-3.2.3-0.12.module+el8.4.0+14908+81312c48.s390x.rpm  
podman-remote-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.s390x.rpm  
podman-tests-3.2.3-0.12.module+el8.4.0+14908+81312c48.s390x.rpm  
python3-criu-3.15-1.module+el8.4.0+14908+81312c48.s390x.rpm  
runc-1.0.0-74.rc95.module+el8.4.0+14908+81312c48.s390x.rpm  
runc-debuginfo-1.0.0-74.rc95.module+el8.4.0+14908+81312c48.s390x.rpm  
runc-debugsource-1.0.0-74.rc95.module+el8.4.0+14908+81312c48.s390x.rpm  
skopeo-1.3.1-7.module+el8.4.0+15741+47bb6bfe.s390x.rpm  
skopeo-debuginfo-1.3.1-7.module+el8.4.0+15741+47bb6bfe.s390x.rpm  
skopeo-debugsource-1.3.1-7.module+el8.4.0+15741+47bb6bfe.s390x.rpm  
skopeo-tests-1.3.1-7.module+el8.4.0+15741+47bb6bfe.s390x.rpm  
slirp4netns-1.1.8-1.module+el8.4.0+14908+81312c48.s390x.rpm  
slirp4netns-debuginfo-1.1.8-1.module+el8.4.0+14908+81312c48.s390x.rpm  
slirp4netns-debugsource-1.1.8-1.module+el8.4.0+14908+81312c48.s390x.rpm

x86_64:  
buildah-1.21.4-3.module+el8.4.0+15741+47bb6bfe.x86_64.rpm  
buildah-debuginfo-1.21.4-3.module+el8.4.0+15741+47bb6bfe.x86_64.rpm  
buildah-debugsource-1.21.4-3.module+el8.4.0+15741+47bb6bfe.x86_64.rpm  
buildah-tests-1.21.4-3.module+el8.4.0+15741+47bb6bfe.x86_64.rpm  
buildah-tests-debuginfo-1.21.4-3.module+el8.4.0+15741+47bb6bfe.x86_64.rpm  
conmon-2.0.29-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
conmon-debuginfo-2.0.29-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
conmon-debugsource-2.0.29-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
containernetworking-plugins-0.9.1-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
containernetworking-plugins-debuginfo-0.9.1-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
containernetworking-plugins-debugsource-0.9.1-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
containers-common-1.3.1-7.module+el8.4.0+15741+47bb6bfe.x86_64.rpm  
crit-3.15-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
criu-3.15-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
criu-debuginfo-3.15-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
criu-debugsource-3.15-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
crun-0.20.1-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
crun-debuginfo-0.20.1-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
crun-debugsource-0.20.1-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
fuse-overlayfs-1.6-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
fuse-overlayfs-debuginfo-1.6-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
fuse-overlayfs-debugsource-1.6-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
libslirp-4.3.1-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
libslirp-debuginfo-4.3.1-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
libslirp-debugsource-4.3.1-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
libslirp-devel-4.3.1-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
oci-seccomp-bpf-hook-1.2.3-2.module+el8.4.0+14908+81312c48.x86_64.rpm  
oci-seccomp-bpf-hook-debuginfo-1.2.3-2.module+el8.4.0+14908+81312c48.x86_64.rpm  
oci-seccomp-bpf-hook-debugsource-1.2.3-2.module+el8.4.0+14908+81312c48.x86_64.rpm  
podman-3.2.3-0.12.module+el8.4.0+14908+81312c48.x86_64.rpm  
podman-catatonit-3.2.3-0.12.module+el8.4.0+14908+81312c48.x86_64.rpm  
podman-catatonit-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.x86_64.rpm  
podman-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.x86_64.rpm  
podman-debugsource-3.2.3-0.12.module+el8.4.0+14908+81312c48.x86_64.rpm  
podman-plugins-3.2.3-0.12.module+el8.4.0+14908+81312c48.x86_64.rpm  
podman-plugins-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.x86_64.rpm  
podman-remote-3.2.3-0.12.module+el8.4.0+14908+81312c48.x86_64.rpm  
podman-remote-debuginfo-3.2.3-0.12.module+el8.4.0+14908+81312c48.x86_64.rpm  
podman-tests-3.2.3-0.12.module+el8.4.0+14908+81312c48.x86_64.rpm  
python3-criu-3.15-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
runc-1.0.0-74.rc95.module+el8.4.0+14908+81312c48.x86_64.rpm  
runc-debuginfo-1.0.0-74.rc95.module+el8.4.0+14908+81312c48.x86_64.rpm  
runc-debugsource-1.0.0-74.rc95.module+el8.4.0+14908+81312c48.x86_64.rpm  
skopeo-1.3.1-7.module+el8.4.0+15741+47bb6bfe.x86_64.rpm  
skopeo-debuginfo-1.3.1-7.module+el8.4.0+15741+47bb6bfe.x86_64.rpm  
skopeo-debugsource-1.3.1-7.module+el8.4.0+15741+47bb6bfe.x86_64.rpm  
skopeo-tests-1.3.1-7.module+el8.4.0+15741+47bb6bfe.x86_64.rpm  
slirp4netns-1.1.8-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
slirp4netns-debuginfo-1.1.8-1.module+el8.4.0+14908+81312c48.x86_64.rpm  
slirp4netns-debugsource-1.1.8-1.module+el8.4.0+14908+81312c48.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1227  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFkKNzjgjWX9erEAQi/AhAAgqnZBa3oScNDvv0gJ2jt6VK6sxLgIKk6  
C5BaUpttvPH6c0spUvOmno3uqPmzG/4Eutnqk4CjYJXROziouCXyjfhsa5woK8YJ  
rlKTm+saqgF19bfwms3/k25VqIolpz+rE70mMhl9r1G8BemXUR5g9sR8LwTaVtY+  
cx6mb/wDRoUwnTmTPgReKvNvWf4p6nNwFDBfSExENVSOBkEzzuhe7iimRvnnw26m  
Ol27SIjphGaDIqwpHladeB3RrYsLphrHM9A59CM7LZFRUpt2aIvpUpEBSgMGtnRn  
gBqFZibNfLod1v05S/6IcYN0V3xS70Rr2Dk9PWjFZ3ETYRw4RuYKS26WyJD18+O2  
XhNTnH93xq6pBCSx8h3tEDEpFOQQJJ/I+dQaDkZ4R25D8VU4JiaPpRUiZoyxZBk5  
Wo/AEBOUw40/TTq4m3mW7wqShdMmV03dLtPQ7LBpuLZBZ9975aDW/Q1GWtvKcUIl  
rXTs7jdpK+yQ8atBfecQHQJoSvDwdgDnSxcQdkjzYcej6RVz+i4Fwj2T1nHeAAsU  
J6bQeAiAEY8STz3Ywx/koA5rBTm39/N9GBsfrtvt70iwOVDd4+dgm0OzJJtw/B9D  
/pWT87OIPoMwIjFzTdBO7/JDGxV79jneSWpHwtSDKdJ3E0GpUoWe46FGtXHMQQL2  
FW4VCCs7PYc=7rDy  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5622-01

Red Hat Security Advisory 2022-5004-01 - Red Hat OpenShift Service Mesh is a Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Critical: Red Hat OpenShift Service Mesh 2.1.3 security update  
Advisory ID:       RHSA-2022:5004-01  
Product:           Red Hat OpenShift Service Mesh  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5004  
Issue date:        2022-06-13  
CVE Names:         CVE-2022-23772 CVE-2022-23773 CVE-2022-23806  
                   CVE-2022-29224 CVE-2022-29225 CVE-2022-29226  
                   CVE-2022-29228 CVE-2022-31045  
====================================================================  
1. Summary:

Red Hat OpenShift Service Mesh 2.1.3 has been released.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

OpenShift Service Mesh 2.1 - noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Service Mesh is a Red Hat distribution of the Istio  
service mesh project, tailored for installation into an on-premise  
OpenShift Container Platform installation.

This advisory covers the RPM packages for the release.

Security Fix(es):

* envoy: oauth filter allows trivial bypass (CVE-2022-29226)  
* envoy: Decompressors can be zip bombed (CVE-2022-29225)  
* envoy: oauth filter calls continueDecoding() from within decodeHeaders()  
(CVE-2022-29228)  
* golang: math/big: uncontrolled memory consumption due to an unhandled  
overflow via Rat.SetString (CVE-2022-23772)  
* golang: cmd/go: misinterpretation of branch names can lead to incorrect  
access control (CVE-2022-23773)  
* golang: crypto/elliptic IsOnCurve returns true for invalid field elements  
(CVE-2022-23806)  
* envoy: Segfault in GrpcHealthCheckerImpl (CVE-2022-29224)  
* Istio: Unsafe memory access in metadata exchange (CVE-2022-31045)

For more details about the security issues, including the impact, a CVSS  
score, acknowledgments, and other related information, see the CVE page  
listed in the References section.

4. Solution:

The OpenShift Service Mesh Release Notes provide information on the  
features and known issues. See the link in the References section.

5. Bugs fixed (https://bugzilla.redhat.com/):

2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements  
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString  
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control  
2088737 - CVE-2022-29225 envoy: Decompressors can be zip bombed  
2088738 - CVE-2022-29224 envoy: Segfault in GrpcHealthCheckerImpl  
2088739 - CVE-2022-29226 envoy: oauth filter allows trivial bypass  
2088740 - CVE-2022-29228 envoy: oauth filter calls continueDecoding() from within decodeHeaders()  
2088819 - CVE-2022-31045 Istio: Unsafe memory access in metadata exchange.

6. JIRA issues fixed (https://issues.jboss.org/):

OSSM-1107 - Take jwksResolverExtraRootCA out of TechPreview  
OSSM-1614 - RPM Release for Maistra 2.1.3

7. Package List:

OpenShift Service Mesh 2.1:

Source:  
servicemesh-2.1.3-1.el8.src.rpm  
servicemesh-operator-2.1.3-2.el8.src.rpm  
servicemesh-prometheus-2.23.0-7.el8.src.rpm  
servicemesh-proxy-2.1.3-1.el8.src.rpm  
servicemesh-ratelimit-2.1.3-1.el8.src.rpm

noarch:  
servicemesh-proxy-wasm-2.1.3-1.el8.noarch.rpm

ppc64le:  
servicemesh-2.1.3-1.el8.ppc64le.rpm  
servicemesh-cni-2.1.3-1.el8.ppc64le.rpm  
servicemesh-operator-2.1.3-2.el8.ppc64le.rpm  
servicemesh-pilot-agent-2.1.3-1.el8.ppc64le.rpm  
servicemesh-pilot-discovery-2.1.3-1.el8.ppc64le.rpm  
servicemesh-prometheus-2.23.0-7.el8.ppc64le.rpm  
servicemesh-proxy-2.1.3-1.el8.ppc64le.rpm  
servicemesh-proxy-debuginfo-2.1.3-1.el8.ppc64le.rpm  
servicemesh-proxy-debugsource-2.1.3-1.el8.ppc64le.rpm  
servicemesh-ratelimit-2.1.3-1.el8.ppc64le.rpm

s390x:  
servicemesh-2.1.3-1.el8.s390x.rpm  
servicemesh-cni-2.1.3-1.el8.s390x.rpm  
servicemesh-operator-2.1.3-2.el8.s390x.rpm  
servicemesh-pilot-agent-2.1.3-1.el8.s390x.rpm  
servicemesh-pilot-discovery-2.1.3-1.el8.s390x.rpm  
servicemesh-prometheus-2.23.0-7.el8.s390x.rpm  
servicemesh-proxy-2.1.3-1.el8.s390x.rpm  
servicemesh-proxy-debuginfo-2.1.3-1.el8.s390x.rpm  
servicemesh-proxy-debugsource-2.1.3-1.el8.s390x.rpm  
servicemesh-ratelimit-2.1.3-1.el8.s390x.rpm

x86_64:  
servicemesh-2.1.3-1.el8.x86_64.rpm  
servicemesh-cni-2.1.3-1.el8.x86_64.rpm  
servicemesh-operator-2.1.3-2.el8.x86_64.rpm  
servicemesh-pilot-agent-2.1.3-1.el8.x86_64.rpm  
servicemesh-pilot-discovery-2.1.3-1.el8.x86_64.rpm  
servicemesh-prometheus-2.23.0-7.el8.x86_64.rpm  
servicemesh-proxy-2.1.3-1.el8.x86_64.rpm  
servicemesh-proxy-debuginfo-2.1.3-1.el8.x86_64.rpm  
servicemesh-proxy-debugsource-2.1.3-1.el8.x86_64.rpm  
servicemesh-ratelimit-2.1.3-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2022-23772  
https://access.redhat.com/security/cve/CVE-2022-23773  
https://access.redhat.com/security/cve/CVE-2022-23806  
https://access.redhat.com/security/cve/CVE-2022-29224  
https://access.redhat.com/security/cve/CVE-2022-29225  
https://access.redhat.com/security/cve/CVE-2022-29226  
https://access.redhat.com/security/cve/CVE-2022-29228  
https://access.redhat.com/security/cve/CVE-2022-31045  
https://access.redhat.com/security/updates/classification/#critical  
https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFj49zjgjWX9erEAQgckw//dWuW9UCVvebhaNN2VyMupXOGEXMXlBp2  
RUbS4wp6/7x9c8UOvcBWhZORVzZ+MNRYp2137Otb0YB17LTs8VAzsLiU5bTvc//y  
CE4Cwfqg/RPoNOFZHnjHDRoldK42L0Wqon/+e6fYbjRL8ECbwnMOLl3qKbhuigi1  
tLm5naN3Y7U4F+R6Fgi7iniL9cYmAd+Y3BlDij8Wf6PJSHUfSh6PaduYgnXavS7p  
u6Vzg3QKqFDKyU2nXKNSB9VsJ7mMs0Nza6tfpAwhoIO36D54NqgTCBMgxKdnohhM  
ZIBVqFVAxABDKlsMoMG2dfJR7c+aHTGC4PC53b/KTU+f+F9uBbk5OpXEjCODe+K3  
4mmq3CoeTKE+HGhb3hCbO+X3jhG2wWK8fRcgsYagbszH5zHqnfM5YDVYvH/EMlun  
gXcS/sFoATqwf2nxenPYzQrkJKwUBL+74jWLshK44PvlR0n1EWUPGrHeMymGWWz8  
8BB9e6GVEqPRqW2AQKkuEqardLZRHuERkP9g6GSfxi7pXU5phDWF+c3tC5klGhew  
ffIvOsvBmcpov+5W+p4vHTNW/3gATrCDFvT9fJBOMGLNk6LzTHqoxqB5Ev+qgRBo  
UcZRaTlTTwiBf5NcYTBPLvoqjilahFpA1kKkN/YTCHePtHy7bY1L8MveVsV6MW0d  
a36YRXXR0DcÞmi  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5004-01

Red Hat Security Advisory 2022-5719-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: grafana security update  
Advisory ID:       RHSA-2022:5719-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5719  
Issue date:        2022-07-26  
CVE Names:         CVE-2022-31107  
====================================================================  
1. Summary:

An update for grafana is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of  
Important. A Common Vulnerability Scoring System (CVSS) base score, which  
gives  
a detailed severity rating, is available for each vulnerability from the  
CVE  
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Grafana is an open source, feature rich metrics dashboard and graph editor  
for  
Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

* grafana: OAuth account takeover (CVE-2022-31107)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2104367 - CVE-2022-31107 grafana: OAuth account takeover

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:  
grafana-6.3.6-5.el8_2.src.rpm

aarch64:  
grafana-6.3.6-5.el8_2.aarch64.rpm  
grafana-azure-monitor-6.3.6-5.el8_2.aarch64.rpm  
grafana-cloudwatch-6.3.6-5.el8_2.aarch64.rpm  
grafana-debuginfo-6.3.6-5.el8_2.aarch64.rpm  
grafana-elasticsearch-6.3.6-5.el8_2.aarch64.rpm  
grafana-graphite-6.3.6-5.el8_2.aarch64.rpm  
grafana-influxdb-6.3.6-5.el8_2.aarch64.rpm  
grafana-loki-6.3.6-5.el8_2.aarch64.rpm  
grafana-mssql-6.3.6-5.el8_2.aarch64.rpm  
grafana-mysql-6.3.6-5.el8_2.aarch64.rpm  
grafana-opentsdb-6.3.6-5.el8_2.aarch64.rpm  
grafana-postgres-6.3.6-5.el8_2.aarch64.rpm  
grafana-prometheus-6.3.6-5.el8_2.aarch64.rpm  
grafana-stackdriver-6.3.6-5.el8_2.aarch64.rpm

ppc64le:  
grafana-6.3.6-5.el8_2.ppc64le.rpm  
grafana-azure-monitor-6.3.6-5.el8_2.ppc64le.rpm  
grafana-cloudwatch-6.3.6-5.el8_2.ppc64le.rpm  
grafana-debuginfo-6.3.6-5.el8_2.ppc64le.rpm  
grafana-elasticsearch-6.3.6-5.el8_2.ppc64le.rpm  
grafana-graphite-6.3.6-5.el8_2.ppc64le.rpm  
grafana-influxdb-6.3.6-5.el8_2.ppc64le.rpm  
grafana-loki-6.3.6-5.el8_2.ppc64le.rpm  
grafana-mssql-6.3.6-5.el8_2.ppc64le.rpm  
grafana-mysql-6.3.6-5.el8_2.ppc64le.rpm  
grafana-opentsdb-6.3.6-5.el8_2.ppc64le.rpm  
grafana-postgres-6.3.6-5.el8_2.ppc64le.rpm  
grafana-prometheus-6.3.6-5.el8_2.ppc64le.rpm  
grafana-stackdriver-6.3.6-5.el8_2.ppc64le.rpm

s390x:  
grafana-6.3.6-5.el8_2.s390x.rpm  
grafana-azure-monitor-6.3.6-5.el8_2.s390x.rpm  
grafana-cloudwatch-6.3.6-5.el8_2.s390x.rpm  
grafana-debuginfo-6.3.6-5.el8_2.s390x.rpm  
grafana-elasticsearch-6.3.6-5.el8_2.s390x.rpm  
grafana-graphite-6.3.6-5.el8_2.s390x.rpm  
grafana-influxdb-6.3.6-5.el8_2.s390x.rpm  
grafana-loki-6.3.6-5.el8_2.s390x.rpm  
grafana-mssql-6.3.6-5.el8_2.s390x.rpm  
grafana-mysql-6.3.6-5.el8_2.s390x.rpm  
grafana-opentsdb-6.3.6-5.el8_2.s390x.rpm  
grafana-postgres-6.3.6-5.el8_2.s390x.rpm  
grafana-prometheus-6.3.6-5.el8_2.s390x.rpm  
grafana-stackdriver-6.3.6-5.el8_2.s390x.rpm

x86_64:  
grafana-6.3.6-5.el8_2.x86_64.rpm  
grafana-azure-monitor-6.3.6-5.el8_2.x86_64.rpm  
grafana-cloudwatch-6.3.6-5.el8_2.x86_64.rpm  
grafana-debuginfo-6.3.6-5.el8_2.x86_64.rpm  
grafana-elasticsearch-6.3.6-5.el8_2.x86_64.rpm  
grafana-graphite-6.3.6-5.el8_2.x86_64.rpm  
grafana-influxdb-6.3.6-5.el8_2.x86_64.rpm  
grafana-loki-6.3.6-5.el8_2.x86_64.rpm  
grafana-mssql-6.3.6-5.el8_2.x86_64.rpm  
grafana-mysql-6.3.6-5.el8_2.x86_64.rpm  
grafana-opentsdb-6.3.6-5.el8_2.x86_64.rpm  
grafana-postgres-6.3.6-5.el8_2.x86_64.rpm  
grafana-prometheus-6.3.6-5.el8_2.x86_64.rpm  
grafana-stackdriver-6.3.6-5.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-31107  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFjxdzjgjWX9erEAQi2gg/+Mbhoq3V0HDfeqYn9DiYBkMl82dxFNSot  
H1YvcnX8cbK9x9smkF0pU7RYi9lMN3AlF/T/GD8AObsJSk1VLtvAs1I0k246OJnz  
Vzsvr0Yj0K0ypREv5kLxaTzQ4qoDPpXdgBwxxRItJAtWDVlWffun54cNzDL8D9Qg  
zkuRk2D2REC1W8g3AMUt9ClcpwNCfFVqJwB4OZstTkP6XherWuTjPJ99oh0kvYPG  
jbP8QI4TYHok9SfvRVPGjR8t8z5/6xhh4nw5rIBp/VlYbFS1SGvpLyx35jnv7LLM  
q8wqkUYrGlfMa4salHipCqIqjrOh3XkYx/h3wHJNPac5OD4JjZQSRGaPAw/CYJZH  
xxuScr4GeYBIQAuFLWgxU0uUufkPo85Ek+4uCGLtz1OmLCvlhBPPtttq9JtWcXIP  
tqbl5WT8LwTsUWlojxWT/X92Rq3IQXoEjFChaaJsg/5tjHo0B6p7yevldaMUOQsY  
cL0RXiI4MO7dNEGTaGu/pUnMzQe4x7h6WO1I9EX4OrvwAldpU4Uq2bxlemEOjEv4  
VeoNYVmOM45Tp78KKrDEiF094fxSgZmcLDCzganHTjfk0/xMEAbTMrn9U8xihXk/  
wiPcWYR3Tazsus2Bs26q3ElADirgTwRIVN0MzPkcrl4krrLyBZd4/6FVc0zYchKZ  
pFDHhfWaSWY=+SbP  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5719-01

Red Hat Security Advisory 2022-5597-01 - An update for pandoc is now available for Red Hat Enterprise Linux 8. Issues addressed include an integer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pandoc security update  
Advisory ID:       RHSA-2022:5597-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5597  
Issue date:        2022-07-18  
CVE Names:         CVE-2022-24724  
====================================================================  
1. Summary:

An update for pandoc is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Pandoc is a markdown/markup conversion tool. The version of pandoc in RHEL  
8 CRB uses cmark-gfm (GitHub's extended version of the C reference  
implementation of CommonMark) for parts of its conversion. The update,  
fixes CVE-2022-24724: an integer overflow in cmark-gfm's table row parsing  
which may lead to heap memory corruption when parsing tables with more than  
UINT16_MAX columns.

Security Fix(es):

* cmark-gfm: possible RCE due to integer overflow (CVE-2022-24724)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2060662 - CVE-2022-24724 cmark-gfm: possible RCE due to integer overflow

6. Package List:

Red Hat CodeReady Linux Builder (v. 8):

Source:  
pandoc-2.0.6-6.el8_6.src.rpm

aarch64:  
pandoc-2.0.6-6.el8_6.aarch64.rpm

noarch:  
pandoc-common-2.0.6-6.el8_6.noarch.rpm

ppc64le:  
pandoc-2.0.6-6.el8_6.ppc64le.rpm

s390x:  
pandoc-2.0.6-6.el8_6.s390x.rpm

x86_64:  
pandoc-2.0.6-6.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-24724  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFkC9zjgjWX9erEAQiiJA/8DMprplAk7l4hD53FuNxy5kp1Zk1eQjqR  
fl/MHjIejiRD4/Rk5GrKNip2P97tCMFzn+NAhjyBlIKCuiJKUuSMl/OHvLHJA9D7  
RyKZnqqewYZY/fBpi5DN1IfPSVR4bFZeVsmPK0hvK85vkK7nhByd5QQ7q53D3nCR  
jQxU1VBt23wkZGVkeE93ElsZeh5G+4LecOPD4MAmiurq9zDlpM/8uTYhdCmLom3X  
aC/mXDu9SyvI5zYGfXYzW/vmnqaSARX5BIdxgkRkuitBYZ4y4LL8ipQxDmhaDUEt  
QGg5fcZqUWL557Lupg0A2dCFhgFBwmimtdpZanIiSVYd9lKAvgExb1tou0Ip9hzT  
PomTiqfHfg9qxnyNayrpSWao/qE+pwWjo2hZJrMAVUUZR1WhWVfKH8pf2duto2X3  
O/IwZYmOP8utBiYPZ2A/Q+xLH752cnOfJWZEPMu4dS+Mo+PteZYLyCcE7+2w16qY  
q6ZccjeBdo7kJZu1dYlllDSMPL97Z5Z3SZK/USvgNoCQpZQAqt/94VKZkaPwySrJ  
805OBag7GhtfIg5v4ul43dKBNbq3+QXxcwa4zv4DTJ0fNEgo/rDoZ4ysN+eSPLyS  
aOFiva8E9a5c6PBiSOV3zI6sAkQz1g8VfxdcDZRQKDResUoSwMb52H0Fk+Z0ACLc  
VjOk/nbwCE0=Kjz5  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5597-01

Red Hat Security Advisory 2022-4931-01 - The RHV-M Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: RHV Appliance (rhvm-appliance) security update [ovirt-4.5.0]  
Advisory ID:       RHSA-2022:4931-01  
Product:           Red Hat Virtualization  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4931  
Issue date:        2022-06-07  
CVE Names:         CVE-2021-3677  
====================================================================  
1. Summary:

Updated RHV-M Appliance packages that fix several bugs and add various  
enhancements are now available.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64  
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - x86_64

3. Description:

The RHV-M Appliance automates the process of installing and configuring the  
Red Hat Virtualization Manager. The appliance is available to download as  
an OVA file from the Customer Portal.

Security Fix(es):

* postgresql: memory disclosure in certain queries (CVE-2021-3677)

For more details about the security issue(s), including the impact, a CVSS  
score, and other related information, refer to the CVE page(s) listed in  
the References section.

Bug Fix(es):

* RHV-M Appliance rebased on RHEL 8.6 (BZ#1997073)

* Previously, a self-hosted engine deployment failed when an OpenSCAP  
security profile was applied, resulting in the SSH key permissions being  
changed to 0640. In this release, the permissions are not changed and the  
deployment succeeds. (BZ#2011309)

* rng-tools, rsyslog-gnutls, usbguard packages added to the RHV-M Appliance  
to comply with DISA-STIG profile requirements (BZ#2070963)

* OVA package manifest added to the RHV-M Appliance RPM. (BZ#2070980)

* Previously, the nodejs package was downgraded during the RHV-M  
installation.  
In this release, the correct version of the nodejs package is installed and  
maintained. (BZ#2075852)

* RHV-M Appliance rebased on Ceph 4.3 (BZ#2090137)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

1958396 - RHV installation process downgrades some packages  
1997073 - Rebase RHV-M Appliance on RHEL 8.6.0  
2001857 - CVE-2021-3677 postgresql: memory disclosure in certain queries  
2011309 - sshd service fails to start after rebooting to apply FIPS settings  
2050071 - Use authselect in RHV-H and appliance images  
2056146 - Hosted engine deployed failed since no enabled repositories can be found for engine setup.  
2070963 - Include packages needed by DISA STIG  
2070980 - [RFE] Include a manifest in the rpm  
2073965 - [Hosted Engine]Error message  "Destination directory /etc/fapolicyd/rules.d does not exist" is displayed but it is existed  
2075852 - nodejs module not enabled causes nodejs downgrade to version 10  
2090137 - Rebase rhvm-appliance on ceph 4.3

6. Package List:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:

Source:  
rhvm-appliance-4.5-20220603.1.el8ev.src.rpm

x86_64:  
rhvm-appliance-4.5-20220603.1.el8ev.x86_64.rpm

Red Hat Virtualization 4 Hypervisor for RHEL 8:

Source:  
rhvm-appliance-4.5-20220603.1.el8ev.src.rpm

x86_64:  
rhvm-appliance-4.5-20220603.1.el8ev.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3677  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFj29zjgjWX9erEAQjj7RAAluJoSnFbhfCHvE/0HwzZIXt+LC5+QPor  
HffFFR3MtPWTmQtlJCuFoyhRfBNU7CgUyEyOJI3BKycXv/NlpVRDQroRWQPz0tLF  
ZmwByCjauSZ4OLCikYLDuIuZUHZPWWOLAh9d0wP1Im9GvYkaKiTIjvLMNsQt5U8h  
NTADL/9OJMXpFDa6IvfpeBZXDnYUYUZEYhFKfZTHuSeOHcsRnPPRd3TcikLroxma  
+Rqwn4VkN2CnJS0Z8XYf6Y7PCOif0ynxE7GH5xOEJ9qT36ikjw427bOBSMB4xU6K  
0JWvYMVPv7d9BNxQhJe1F+Eg/vKLe6fZp1LLPS8BSK4uWoFsUOYaGDiPk/JdWUon  
1YrH96YphQYxBtOz+4DITFsMe8TV9uDbq1P3zlHdCFRaCTiZFX0wk3ZgRvnF7TP2  
9pWV0LEUwgjHs7nlVkdAxqQGJEz3U+CcGlwW9T4pji86J+nszzqZY9vdVcgMUetv  
4jbVFkMr4bSoJwjIQVTSC5/BgbBvdG0cgGLNeamYfBXN5MROE2MkLR9n+PIrTUGG  
vmaS+Ak8yNDX2r7P2dh62ebncnNu2z7gVl9DY3NwbxWArCvdxE9P0JfB7ogvLxv7  
F1aHF4dJYnd3ABkmIvdTyWo8lLMH/EKPaxCCp489q4WJvOG9L+xH6l+SYoKA6x5t  
OUChjlkp1dQ=hW7D  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4931-01

Red Hat Security Advisory 2022-5620-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: 389-ds:1.4 security update  
Advisory ID:       RHSA-2022:5620-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5620  
Issue date:        2022-07-19  
CVE Names:         CVE-2022-0918 CVE-2022-0996  
====================================================================  
1. Summary:

An update for the 389-ds:1.4 module is now available for Red Hat Enterprise  
Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The  
base packages include the Lightweight Directory Access Protocol (LDAP)  
server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918)

* 389-ds-base: expired password was still allowed to access the database  
(CVE-2022-0996)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2055815 - CVE-2022-0918 389-ds-base: sending crafted message could result in DoS  
2064769 - CVE-2022-0996 389-ds-base: expired password was still allowed to access the database

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
389-ds-base-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.src.rpm

aarch64:  
389-ds-base-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-debugsource-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-devel-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-legacy-tools-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-legacy-tools-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-libs-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-libs-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-snmp-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-snmp-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm

noarch:  
python3-lib389-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.noarch.rpm

ppc64le:  
389-ds-base-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-debugsource-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-devel-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-legacy-tools-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-legacy-tools-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-libs-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-libs-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-snmp-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-snmp-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm

s390x:  
389-ds-base-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-debugsource-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-devel-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-legacy-tools-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-legacy-tools-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-libs-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-libs-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-snmp-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-snmp-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm

x86_64:  
389-ds-base-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-debugsource-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-devel-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-legacy-tools-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-legacy-tools-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-libs-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-libs-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-snmp-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-snmp-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-0918  
https://access.redhat.com/security/cve/CVE-2022-0996  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFjp9zjgjWX9erEAQibcA//e7IoFJtT3qHISfZJUx251gk6a5U6OASl  
lPn3Lj1K0WNjFyC2qKMgO95wsVXGX8ZlFpZk8e7wKZCnIvOhKQr/BHpWx7p4X5Zn  
dngICO7dqyX7Md36ZLXQT3AUFQGslBzUj+iEx3lQHOitF9PBpcqe6TIVRR/Yo2aQ  
mtp5bKR/YzcQZ1AK6R/K5H4d25vjoCoIW5IMtGM5MrLdc5rFFOY35CMOLVU1eqMR  
SfdNdPyt3WGsvmi6BoGDG8Sc+VEX17LqbbkEQRESIeGSiwhjzgp5mJUhiNvQdNNl  
yIYOnPzC8usPYtApHtS/heDtBzdI9OsjIPcuCfUqjTp28T4kmFgMUBB4z9H8WsJZ  
u1G9daAKQkl+Q5Qx/xGJQwOXprHUw6OmWyZhZ7pu9sB4dJV3GdCTry+nMX8suLrn  
E7aizjuY+bofNl2qMe3W0E8AB5GoYE2HqP8Q5MATZgHU5BpqnclO2DCCQlSp7qCV  
IxLUR5WvIBXXj0TehH5FtplsLOmsTdbIyYIkudmIQaUiMnanYqabDC0sUUTC2Gbu  
d1fPl+aPIcOmPBuREParIbgqpuAI7sUJKpP/6jDIrw+2nCMiMni/pRV3etXEPTzk  
fEkVObM9uRQNpDpVZoXCnB9FEI7dpuTAi3Re9cW94iY2NvR4VecVa724coqd7yBm  
FfNJHVck/d0=OWXq  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5620-01

Red Hat Security Advisory 2022-5556-01 - Logging Subsystem 5.4.3 has security updates. Issues addressed include denial of service and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.4.3 - Red Hat OpenShift security update  
Advisory ID:       RHSA-2022:5556-01  
Product:           RHOL  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5556  
Issue date:        2022-07-18  
CVE Names:         CVE-2020-28915 CVE-2021-38561 CVE-2021-40528  
                   CVE-2022-1271 CVE-2022-1621 CVE-2022-1629  
                   CVE-2022-22576 CVE-2022-25313 CVE-2022-25314  
                   CVE-2022-26691 CVE-2022-27666 CVE-2022-27774  
                   CVE-2022-27776 CVE-2022-27782 CVE-2022-29824  
====================================================================  
1. Summary:

Logging Subsystem 5.4.3 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.4.3 - Red Hat OpenShift

Security Fix(es):

* golang: out-of-bounds read in golang.org/x/text/language leads to DoS  
(CVE-2021-38561)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.10 see the following documentation,  
which will be updated shortly, for detailed release notes:

https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html

For Red Hat OpenShift Logging 5.4, see the following instructions to apply  
this update:

https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

5. JIRA issues fixed (https://issues.jboss.org/):

LOG-2536 - Setting up ODF S3 for loki  
LOG-2640 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated.  
LOG-2757 - [release-5.4] index rollover cronjob fails on openshift-logging operator  
LOG-2762 - [release-5.4]Events and CLO csv are not collected after running `oc adm must-gather --image=$downstream-clo-image `  
LOG-2780 - Loki cannot send logs after upgrade to 5.4.3 from 5.4.2 with 'http'  
LOG-2781 - OpenShift Logging Dashboard for Elastic Shards shows "active_primary" instead of "active" shards.  
LOG-2786 - [release-5.4] Token not added to Vector config when forwarding logs to Lokistack with Token+CA bundle.  
LOG-2791 - [release-5.4] ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image

6. References:

https://access.redhat.com/security/cve/CVE-2020-28915  
https://access.redhat.com/security/cve/CVE-2021-38561  
https://access.redhat.com/security/cve/CVE-2021-40528  
https://access.redhat.com/security/cve/CVE-2022-1271  
https://access.redhat.com/security/cve/CVE-2022-1621  
https://access.redhat.com/security/cve/CVE-2022-1629  
https://access.redhat.com/security/cve/CVE-2022-22576  
https://access.redhat.com/security/cve/CVE-2022-25313  
https://access.redhat.com/security/cve/CVE-2022-25314  
https://access.redhat.com/security/cve/CVE-2022-26691  
https://access.redhat.com/security/cve/CVE-2022-27666  
https://access.redhat.com/security/cve/CVE-2022-27774  
https://access.redhat.com/security/cve/CVE-2022-27776  
https://access.redhat.com/security/cve/CVE-2022-27782  
https://access.redhat.com/security/cve/CVE-2022-29824  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFkANzjgjWX9erEAQj0ZRAAn4XL+QhuyVQ5G+XzACk10EOuIUfBONR7  
BWzj5OkoIb1x5FMvRAaeUyilnh9klyM0940AG2pmkqNCAtnkTX5SnJJTHAzzJkon  
tg55o71rOhQiOR5DaaqY7PXL/eXE7UP9QmpPK05qVJMklFvgwuNR+ETBcyKC7Yxy  
ic8Chqtt4rLMsYAQRwfsL5rYoL6sssj4yIp/dCgjl2J0hcMnkFejP2nHLuT4npFl  
IoxkWd6ipXEmV7NjtcFgp2rw3v2a45tvt2KhDt9drCMLdckYlMi10tKyr3JfoW/A  
yjzF9JfrEXYv4+ZUaQecKS/hjD9eQtydIF8uGB5gYPmq2qGD6fASXgc2z2FJH23j  
DTEIdJb2R9jqCqZPVB5addeyt/LY6hLi7CG2HOl6uK6p9mmDj/JASPdXVf02qD25  
F7SbfCsFDzvykXbFdXsbszMku92aStFW6c0PlBmDYY93+uAZfj2+QB+at2J8v+4g  
cPEZHrar++fM96ubtP3ABxGqSpCMVErqeGinPN2geDy49ZWMQTjxwRfK3epO9Vkf  
9+JdwuEahDtjo8eZji6djUN1xw5ARftrukS5mqYAlgrcl8EImsFuM2+Y1Boz5w0S  
uUCxE0cXU2oc6x26fy4zKbssvj6tl31qJKZAc39t+xOJYm/F0yit+psNWoNzqx2q  
eBX5tmvYQ+s=9knG  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5556-01

Red Hat Security Advisory 2022-5564-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:5564-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5564  
Issue date:        2022-07-13  
CVE Names:         CVE-2022-1729  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: race condition in perf_event_open leads to privilege escalation  
(CVE-2022-1729)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* conntrack entries linger around after test (BZ#2066356)

* Any process performing I/O doesn't fail on degraded LVM RAID and IO  
process hangs (BZ#2075075)

* fix data corruption caused by dm-integrity (BZ#2082184)

* Backport request of "genirq: use rcu in kstat_irqs_usr()" (BZ#2083308)

* SUT will flash once color screen during boot to OS. (BZ#2083384)

* Kernel Support Fixes for UV5 platform (BZ#2084645)

* i/o on initiator stuck when network is disrupted  
(4.18.0-372.9.1.el8.x86_64) (BZ#2091078)

* glock deadlock (using the dct tool) (BZ#2092073)

* Recursive locking in gfs2_fault (read/write + mmap) (BZ#2092074)

* 8.6.z backport of "vmxnet3: add support for 32 Tx/Rx queues" from BZ  
2083561 (BZ#2094473)

* System freezes with callstack in dmesg: ret_from_fork (BZ#2096305)

* Need some changes in RHEL8.x kernels. (BZ#2096931)

* Bad length in dpctl/dump-flows (BZ#2097796)

Enhancement(s):

* Elkhart Graphics - remove force_probe flag (BZ#2075567)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2086753 - CVE-2022-1729 kernel: race condition in perf_event_open leads to privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kernel-4.18.0-372.16.1.el8_6.src.rpm

aarch64:  
bpftool-4.18.0-372.16.1.el8_6.aarch64.rpm  
bpftool-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-core-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-cross-headers-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-debug-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-debug-core-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-debug-devel-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-debug-modules-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-devel-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-headers-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-modules-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-modules-extra-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-tools-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-tools-libs-4.18.0-372.16.1.el8_6.aarch64.rpm  
perf-4.18.0-372.16.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm  
python3-perf-4.18.0-372.16.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-372.16.1.el8_6.noarch.rpm  
kernel-doc-4.18.0-372.16.1.el8_6.noarch.rpm

ppc64le:  
bpftool-4.18.0-372.16.1.el8_6.ppc64le.rpm  
bpftool-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-core-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-cross-headers-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-debug-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-debug-core-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-debug-devel-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-debug-modules-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-devel-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-headers-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-modules-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-modules-extra-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-tools-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-tools-libs-4.18.0-372.16.1.el8_6.ppc64le.rpm  
perf-4.18.0-372.16.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm  
python3-perf-4.18.0-372.16.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm

s390x:  
bpftool-4.18.0-372.16.1.el8_6.s390x.rpm  
bpftool-debuginfo-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-core-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-cross-headers-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-debug-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-debug-core-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-debug-debuginfo-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-debug-devel-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-debug-modules-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-debug-modules-extra-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-debuginfo-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-devel-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-headers-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-modules-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-modules-extra-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-tools-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-tools-debuginfo-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-zfcpdump-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-zfcpdump-core-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-372.16.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-372.16.1.el8_6.s390x.rpm  
perf-4.18.0-372.16.1.el8_6.s390x.rpm  
perf-debuginfo-4.18.0-372.16.1.el8_6.s390x.rpm  
python3-perf-4.18.0-372.16.1.el8_6.s390x.rpm  
python3-perf-debuginfo-4.18.0-372.16.1.el8_6.s390x.rpm

x86_64:  
bpftool-4.18.0-372.16.1.el8_6.x86_64.rpm  
bpftool-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-core-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-cross-headers-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-debug-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-debug-core-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-debug-devel-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-debug-modules-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-devel-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-headers-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-modules-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-modules-extra-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-tools-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-tools-libs-4.18.0-372.16.1.el8_6.x86_64.rpm  
perf-4.18.0-372.16.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm  
python3-perf-4.18.0-372.16.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
bpftool-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-372.16.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-372.16.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-372.16.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1729  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFkVNzjgjWX9erEAQg4ow/9GVx9U8IRNmKVSE50ZMzPCy/GjH06geJi  
/VKdhtWUnH9WcTy7XWkKg5zdL7eaXy48bk9RZhKb67yZL9JbMXkjlkGEPFK/AIjB  
zNTP3IGRJer40SD6gI2T0R4lr+Sfw8S/1PtflptAZ6a9zuGdYuRr5x2mmrTvSYPK  
LlyG7ht06WqCd7U27k8H6QJufZPkkWeni8mel3Z0i8ksAvj3QjPDJnPePlQH18gu  
NUZLpXkNP4ngqGLcdzMEBMkoeN9GOGvxBBN0nI/UMWkbzL+6F79ZtuRrWLy0tgBJ  
F4pllNgRAkEcJb2VZxvBsMVpseOQO6tu8kJPuZxx1x1WlBAji8zpbwQe5o2/sZYQ  
wObGNeaLrN2SC6tWsC/lRMfVvLHuCwDPIqGQS5waHRyCqWKIhK5EPsW/wWYd/dJ7  
bbTKzoTGrxq3QAFpG9+/bABvfb8gSNJfyoeG2AZLGZFlls20AeD8gY7gDnqbvKw2  
HKwO3DpUAa3ntjuzRnwMPdrhLLxbCqq4Ql0HHkCpma8TrhEiv03eV99W4Cwlto7T  
WwfbeKAh0eaRw9AaYR8/+EVs3JhrGscsrju+PTfrdx3B/nkWr28Kq8bFHhOzgJ9l  
jwyq8NeJLTJplZiw12VzH45OC8hFyfECN+AdGLrpGMhSyMlxGratodDjNZ0vDL+d  
N3UZEXcLXJI=6VHN  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5564-01

Red Hat Security Advisory 2022-5681-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security and bug fix update  
Advisory ID:       RHSA-2022:5681-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5681  
Issue date:        2022-07-21  
CVE Names:         CVE-2022-21540 CVE-2022-21541 CVE-2022-34169  
====================================================================  
1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux  
8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime  
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)  
(CVE-2022-34169)

* OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540)

* OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot,  
8281866) (CVE-2022-21541)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance()  
[rhel-8, openjdk-11] (BZ#2099918)

* Revert to disabling system security properties and FIPS mode support  
together [rhel-8, openjdk-11] (BZ#2108249)

* SecretKey generate/import operations don't add the CKA_SIGN attribute in  
FIPS mode [rhel-8, openjdk-11] (BZ#2108252)

* Detect NSS at Runtime for FIPS detection [rhel-8, openjdk-17]  
(BZ#2108269)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2099918 - rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance() [rhel-8, openjdk-11] [rhel-8.4.0.z]  
2108249 - Revert to disabling system security properties and FIPS mode support together [rhel-8, openjdk-11] [rhel-8.4.0.z]  
2108252 - SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode [rhel-8, openjdk-11] [rhel-8.4.0.z]  
2108269 - Detect NSS at Runtime for FIPS detection [rhel-8, openjdk-17] [rhel-8.4.0.z]  
2108540 - CVE-2022-21540 OpenJDK: class compilation issue (Hotspot, 8281859)  
2108543 - CVE-2022-21541 OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)  
2108554 - CVE-2022-34169 OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
java-11-openjdk-11.0.16.0.8-1.el8_4.src.rpm

aarch64:  
java-11-openjdk-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el8_4.aarch64.rpm

ppc64le:  
java-11-openjdk-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el8_4.ppc64le.rpm

s390x:  
java-11-openjdk-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el8_4.s390x.rpm

x86_64:  
java-11-openjdk-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-demo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-javadoc-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-jmods-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-src-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-static-libs-11.0.16.0.8-1.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-demo-slowdebug-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-slowdebug-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-slowdebug-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-slowdebug-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-src-slowdebug-11.0.16.0.8-1.el8_4.aarch64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.16.0.8-1.el8_4.aarch64.rpm

ppc64le:  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-demo-slowdebug-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-jmods-slowdebug-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-slowdebug-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-src-slowdebug-11.0.16.0.8-1.el8_4.ppc64le.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.16.0.8-1.el8_4.ppc64le.rpm

s390x:  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-demo-slowdebug-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-devel-slowdebug-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-headless-slowdebug-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-jmods-slowdebug-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-slowdebug-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-src-slowdebug-11.0.16.0.8-1.el8_4.s390x.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.16.0.8-1.el8_4.s390x.rpm

x86_64:  
java-11-openjdk-debugsource-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-demo-fastdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-demo-slowdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-fastdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-slowdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-fastdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-fastdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-slowdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-slowdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-src-fastdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-src-slowdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.16.0.8-1.el8_4.x86_64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.16.0.8-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21540  
https://access.redhat.com/security/cve/CVE-2022-21541  
https://access.redhat.com/security/cve/CVE-2022-34169  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFkH9zjgjWX9erEAQhMuxAAjBBiwVoupN7K7vGJxGdqZIDBhb7zAFPU  
9Wc0UkVBgakIZyAHUUngb8OuraUHIKA9jYinELqSqR5CkMRRNyU+uawUIVb5AfpM  
mlaszWok2XFh0pUi3A3cc3hAvzXKiOuJTauahF3Gp979YlKkdg7HMpYCaRXb3jyU  
vAdU5RtTpLEoVy8Yi0k/8aTx578OJDosIxe/7hcu4F9HyF6WQzK1pY9lnafh2lxn  
ageHEVKkrhTmBLjx3jrINiavlqYxiwwhAs+MFheVjZICSQUQFhlsh6GlYXhQi2+m  
ioUxPpWw1aBg+qqlOchQQDRRvqjx8JtovuoUD5yH5ZQau1XSQw/LisYu2fvGgKU6  
u/1ooinqW1NlCGtCmHM/f3oVNY/u6/8WZgYRHrBdEOSvpC4zZx9uCLPrRYLMMvfN  
NB0Co1ww6AXd5QwuKNBUgcV6f/Ni5ReuUODsMF200STjzAC0dnKTmKmI6zNbTcDR  
OLW+Jc5hG5MyC7jIKnpNXcXz40sv4Cp6K53LhwctR5HDdkz61cnoT9ULp0s4EEDj  
yoO73HBLfjNv/sxTxgazIEj3jyKFWw7IoMRHQrW+dbVB5h0+r8CBnQPnTYJ4Pn5n  
tazGC8McjeKzC4c4h68/lUwmnaCbNLm/MGtNqxO0BIeelacM+LXhEMTQkykiUopv  
TGrZ5kpHGSI=9lTp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5681-01

Red Hat Security Advisory 2022-5596-01 - This release of Red Hat build of Quarkus 2.7.6 includes security updates, bug fixes, and enhancements. Issues addressed include a denial of service vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256====================================================================                   Red Hat Security AdvisorySynopsis:          Moderate: Red Hat build of Quarkus 2.7.6 release and security updateAdvisory ID:       RHSA-2022:5596-01Product:           Red Hat build of QuarkusAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:5596Issue date:        2022-07-19CVE Names:         CVE-2020-36518====================================================================1. Summary:An update is now available for Red Hat build of Quarkus. Red Hat ProductSecurity has rated this update as having a security impact of Moderate. ACommon Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability. For moreinformation, see the CVE links in the References section.2. Description:This release of Red Hat build of Quarkus 2.7.6 includes security updates,bugfixes, and enhancements. For more information, see the release notes pagelistedin the References section.Security Fix(es):* CVE-2020-36518 jackson-databind: denial of service via a large depth ofnested objects [quarkus-2]3. Solution:Before applying the update, back up your existing installation, includingallapplications, configuration files, databases and database settings, and soon.The References section of this erratum contains a download link for theupdate.You must be logged in to download the update.4. Bugs fixed (https://bugzilla.redhat.com/):2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects5. References:https://access.redhat.com/security/cve/CVE-2020-36518https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.7/https://access.redhat.com/articles/49661816. Contact:The Red Hat security contact is <secalert@redhat.com>. More contactdetails at https://access.redhat.com/security/team/contact/Copyright 2022 Red Hat, Inc.-----BEGIN PGP SIGNATURE-----Version: GnuPG v1iQIVAwUBYuFkTtzjgjWX9erEAQhVwA/9HDoYsZc/1EEAG+m5aEGmL4Y+xh4focYSdXKiKg6BTY/GvdCkxseYf4rGsQqEagQ6eEqJNJHFDY8RJsg/hnhz57W0cUprZzC0HGa6iPBylPII5PBZ0kwjVpezz1onEWJ4TTd19fvlKrL5DCRT4ftlVl4N+ER9l4Ig0NRJ2C12tLs7Qe9U4Wl6+pP5OppxMx1chOH4i3TlRfJDDBLqbzrNnjs4WZvMl5bCKQwzT1l4dMBai2elzkmW4uizkSPrYQ/DYubUk2gctqDb0h5NURMWXC1Pxdiah+uNOgAa+HtNMzob7SkcUTQzO2M+z/8vsDnnOjq4mVAUhBMHKgDJv0d6/YRoyH4HMOeXYBurEbM4TWTCyeeSCCdScMKyKJXlgRf7gm5rVJC77jnB1T/HgrlzgUTtgq/YGk8e5RJqvUgGNSfIjqVP8BnzRoOr05kOemc2591FD+koFF0/Vt8VylMs4S0FRNCKq/bO/uznpR595k8oGTdeHDXJ9zczyIiUQU/J/JNPdTuAVB6c0aaec8wYQ2h75bl/5C8pTsQ3pVidzccmLorNoNKARsEDj8QU8KacvV475oLAA/6LQrOEpKTl3I3EcKX8FhLumjHb6gEYQMuON6RuIS2G3cOERLkRuEMYJpZgOCsIZ1zIiNH+7s85qmtA1R2Zmcbe3FiPyr0wEi8=Tk+0-----END PGP SIGNATURE-------RHSA-announce mailing listRHSA-announce@redhat.comhttps://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#red_hat