Red Hat Security Advisory 2022-4772-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update  
Advisory ID:       RHSA-2022:4772-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4772  
Issue date:        2022-05-27  
CVE Names:         CVE-2022-1529 CVE-2022-1802  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.9.1.

Security Fix(es):

* Mozilla: Untrusted input used in JavaScript object indexing, leading to  
prototype pollution (CVE-2022-1529)

* Mozilla: Prototype pollution in Top-Level Await implementation  
(CVE-2022-1802)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2089217 - CVE-2022-1802 Mozilla: Prototype pollution in Top-Level Await implementation  
2089218 - CVE-2022-1529 Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
thunderbird-91.9.1-1.el9_0.src.rpm

aarch64:  
thunderbird-91.9.1-1.el9_0.aarch64.rpm  
thunderbird-debuginfo-91.9.1-1.el9_0.aarch64.rpm  
thunderbird-debugsource-91.9.1-1.el9_0.aarch64.rpm

ppc64le:  
thunderbird-91.9.1-1.el9_0.ppc64le.rpm  
thunderbird-debuginfo-91.9.1-1.el9_0.ppc64le.rpm  
thunderbird-debugsource-91.9.1-1.el9_0.ppc64le.rpm

s390x:  
thunderbird-91.9.1-1.el9_0.s390x.rpm  
thunderbird-debuginfo-91.9.1-1.el9_0.s390x.rpm  
thunderbird-debugsource-91.9.1-1.el9_0.s390x.rpm

x86_64:  
thunderbird-91.9.1-1.el9_0.x86_64.rpm  
thunderbird-debuginfo-91.9.1-1.el9_0.x86_64.rpm  
thunderbird-debugsource-91.9.1-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1529  
https://access.redhat.com/security/cve/CVE-2022-1802  
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpEx+tzjgjWX9erEAQj4Nw//UccWBnV34jWNz3LYC+EdQi32Xp5qNU4s  
aQJMfrJRGEpIRCjrgar0C6UIK+pJLKaSDi9EFneXd33YOi6VWsx/6p+1Y4GLV6lB  
glMkv/oVpkP7OM0UYIlIwJAsZiGQnUbfBOqDzUI0g/mRZB47kr17oDJzSbKAd3to  
vM0awAu17XT7D++lZfQ1NZX0vIMcnJapEbUgMkNbWXkRTWrFg+9qdUkhbxaelDRx  
5jqJXIFgrsCQ/Usxf3FDQlu4nCU6rnUyJcko++/P2IHSM+g49/oKUD1Jw1wMlJdf  
9Vgv5buDtw2R0lpYZRFcIX2uHpCvFjMGQKULDEWlP1E1kAve+Pjj83kdFCLnbFgw  
EOPc63KHQ6/I/51krPCnJwaC8EqsJTNvhigBgCRv7ZtlcsK5BO7vGRb3cbdnCIPq  
aPcCHQAvqtBx16HMHUyidPuFcvqwGTWrFn+BbQb00OXwF5jlbd9O6yGD3Ga/zhxk  
9WrE6oUI/dw1EECVt5TpsJ44aczlKkhStqOD7JC0TIgTtLEnaUOMbYOfblttWCrw  
mz/sZYamazsr/zme2w8IvJs5TBcKF/A2bWYZKI6fji9zzYyQIVK/afH4JG45ULT3  
pFR2W5nLm5cydtcSdSDR73iZDsUviRFQoi7dLBYpAp9PtHD8L7EgieiMFVr1UR6y  
BDmGMV/eZJM=2JqP  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4772-01

Red Hat Security Advisory 2022-4786-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.13 security update  
Advisory ID:       RHSA-2022:4786-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4786  
Issue date:        2022-05-27  
CVE Names:         CVE-2021-3839 CVE-2022-0669   
=====================================================================

1. Summary:

An update for openvswitch2.13 is now available in Fast Datapath for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch2.13: DPDK: Out-of-bounds read/write in  
vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)

* openvswitch2.13: DPDK: Sending vhost-user-inflight type messages could  
lead to DoS (CVE-2022-0669)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Users of openvswitch2.13 are advised to upgrade to these updated packages,  
which fix these bugs.

5. Bugs fixed (https://bugzilla.redhat.com/):

2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash  
2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS  
2080270 - [22.D RHEL-8] Fast Datapath Release

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch2.13-2.13.0-180.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch2.13-2.13.0-180.el8fdp.aarch64.rpm  
openvswitch2.13-2.13.0-180.el8fdp.aarch64.rpm  
openvswitch2.13-debuginfo-2.13.0-180.el8fdp.aarch64.rpm  
openvswitch2.13-debugsource-2.13.0-180.el8fdp.aarch64.rpm  
openvswitch2.13-devel-2.13.0-180.el8fdp.aarch64.rpm  
openvswitch2.13-ipsec-2.13.0-180.el8fdp.aarch64.rpm  
python3-openvswitch2.13-2.13.0-180.el8fdp.aarch64.rpm  
python3-openvswitch2.13-debuginfo-2.13.0-180.el8fdp.aarch64.rpm

noarch:  
openvswitch2.13-test-2.13.0-180.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch2.13-2.13.0-180.el8fdp.ppc64le.rpm  
openvswitch2.13-2.13.0-180.el8fdp.ppc64le.rpm  
openvswitch2.13-debuginfo-2.13.0-180.el8fdp.ppc64le.rpm  
openvswitch2.13-debugsource-2.13.0-180.el8fdp.ppc64le.rpm  
openvswitch2.13-devel-2.13.0-180.el8fdp.ppc64le.rpm  
openvswitch2.13-ipsec-2.13.0-180.el8fdp.ppc64le.rpm  
python3-openvswitch2.13-2.13.0-180.el8fdp.ppc64le.rpm  
python3-openvswitch2.13-debuginfo-2.13.0-180.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch2.13-2.13.0-180.el8fdp.s390x.rpm  
openvswitch2.13-2.13.0-180.el8fdp.s390x.rpm  
openvswitch2.13-debuginfo-2.13.0-180.el8fdp.s390x.rpm  
openvswitch2.13-debugsource-2.13.0-180.el8fdp.s390x.rpm  
openvswitch2.13-devel-2.13.0-180.el8fdp.s390x.rpm  
openvswitch2.13-ipsec-2.13.0-180.el8fdp.s390x.rpm  
python3-openvswitch2.13-2.13.0-180.el8fdp.s390x.rpm  
python3-openvswitch2.13-debuginfo-2.13.0-180.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch2.13-2.13.0-180.el8fdp.x86_64.rpm  
openvswitch2.13-2.13.0-180.el8fdp.x86_64.rpm  
openvswitch2.13-debuginfo-2.13.0-180.el8fdp.x86_64.rpm  
openvswitch2.13-debugsource-2.13.0-180.el8fdp.x86_64.rpm  
openvswitch2.13-devel-2.13.0-180.el8fdp.x86_64.rpm  
openvswitch2.13-ipsec-2.13.0-180.el8fdp.x86_64.rpm  
python3-openvswitch2.13-2.13.0-180.el8fdp.x86_64.rpm  
python3-openvswitch2.13-debuginfo-2.13.0-180.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3839  
https://access.redhat.com/security/cve/CVE-2022-0669  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpEx9NzjgjWX9erEAQgFgw//QNl4NS1Qblilf1f2UpJ6mRPDaLx8vJaQ  
6YOsTFKWHIieRO4Upjr+VyyhHQgMUgaW9EOOk6k40Ls48dVj3BT1snDbnbsXlW0S  
u2/RN1hako1Bhu1T7PSO1m+VKo/lWEcismj+oZzEemMraZHw5ZG31hTWpZLu/eXm  
gumXdXJuqUwEfJU9y2kSmPJnfqkVkNZkCOdGuJbKOzwEcztgmozAXmqVnmXa8W/c  
21N20Gt8xxwhljXeYhOXKQyalR5hjPWRo6BmJzY1i5I1mAvxIW/wtjw/4DbJuu7W  
EIH7hmbzcXZqblmGJbunB8GKOhubkqTg4OJfdWa1hiENmBjJZ+nHBoQ4c7J0cZBP  
2+HEahf20Gocg9Fr1N1tt2PQpcnWZbUT5KmF7FjzAY5kQ6TwvZuyM2T4E7CFxFp1  
VRi5SWISLYI5If17mLvDWG11eD5ZVX5neFcbqa86RloYIvur5uIw/0PKtFhjJ/gk  
w70YjAHyvfRys7Ah1JC6KojCA17Rp2JO652CRciz/Fb45HXTI4EWAnDmZCRHt5sP  
B1CeeoIwQMXT4QssSyKDGfA2rfwAIrugUIQD58itVsuEVJd372QT46CAtwcCxDgo  
dDAL/EuifHMgvHbPpWhwFbpqPVBuG89vGNru15NnCGmsvGmJObwe2/Xe+X8JS5tf  
OOwA14K2pv4=  
=Pjp9  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4786-01

Red Hat Security Advisory 2022-4788-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.16 security update  
Advisory ID:       RHSA-2022:4788-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4788  
Issue date:        2022-05-27  
CVE Names:         CVE-2021-3839 CVE-2022-0669   
=====================================================================

1. Summary:

An update for openvswitch2.16 is now available in Fast Datapath for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch2.16: DPDK: Out-of-bounds read/write in  
vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)

* openvswitch2.16: DPDK: Sending vhost-user-inflight type messages could  
lead to DoS (CVE-2022-0669)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash  
2055097 - Failed to read database with dns hostname address  
2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS  
2080273 - [22.D RHEL-8] Fast Datapath Release

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch2.16-2.16.0-74.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch2.16-2.16.0-74.el8fdp.aarch64.rpm  
openvswitch2.16-2.16.0-74.el8fdp.aarch64.rpm  
openvswitch2.16-debuginfo-2.16.0-74.el8fdp.aarch64.rpm  
openvswitch2.16-debugsource-2.16.0-74.el8fdp.aarch64.rpm  
openvswitch2.16-devel-2.16.0-74.el8fdp.aarch64.rpm  
openvswitch2.16-ipsec-2.16.0-74.el8fdp.aarch64.rpm  
python3-openvswitch2.16-2.16.0-74.el8fdp.aarch64.rpm  
python3-openvswitch2.16-debuginfo-2.16.0-74.el8fdp.aarch64.rpm

noarch:  
openvswitch2.16-test-2.16.0-74.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch2.16-2.16.0-74.el8fdp.ppc64le.rpm  
openvswitch2.16-2.16.0-74.el8fdp.ppc64le.rpm  
openvswitch2.16-debuginfo-2.16.0-74.el8fdp.ppc64le.rpm  
openvswitch2.16-debugsource-2.16.0-74.el8fdp.ppc64le.rpm  
openvswitch2.16-devel-2.16.0-74.el8fdp.ppc64le.rpm  
openvswitch2.16-ipsec-2.16.0-74.el8fdp.ppc64le.rpm  
python3-openvswitch2.16-2.16.0-74.el8fdp.ppc64le.rpm  
python3-openvswitch2.16-debuginfo-2.16.0-74.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch2.16-2.16.0-74.el8fdp.s390x.rpm  
openvswitch2.16-2.16.0-74.el8fdp.s390x.rpm  
openvswitch2.16-debuginfo-2.16.0-74.el8fdp.s390x.rpm  
openvswitch2.16-debugsource-2.16.0-74.el8fdp.s390x.rpm  
openvswitch2.16-devel-2.16.0-74.el8fdp.s390x.rpm  
openvswitch2.16-ipsec-2.16.0-74.el8fdp.s390x.rpm  
python3-openvswitch2.16-2.16.0-74.el8fdp.s390x.rpm  
python3-openvswitch2.16-debuginfo-2.16.0-74.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch2.16-2.16.0-74.el8fdp.x86_64.rpm  
openvswitch2.16-2.16.0-74.el8fdp.x86_64.rpm  
openvswitch2.16-debuginfo-2.16.0-74.el8fdp.x86_64.rpm  
openvswitch2.16-debugsource-2.16.0-74.el8fdp.x86_64.rpm  
openvswitch2.16-devel-2.16.0-74.el8fdp.x86_64.rpm  
openvswitch2.16-ipsec-2.16.0-74.el8fdp.x86_64.rpm  
python3-openvswitch2.16-2.16.0-74.el8fdp.x86_64.rpm  
python3-openvswitch2.16-debuginfo-2.16.0-74.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3839  
https://access.redhat.com/security/cve/CVE-2022-0669  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpEx79zjgjWX9erEAQiqZQ//e1Dgi9/asD8l67mE1/SgtFJocmEJgOvl  
dO+TAr49LVgJpiYTGD/pO+/JliOIrn00AKDly8JhpTADP2Tv9H69DQNr2T64TI+a  
WvxUVjjxOxQ8uKoK+ld3fhnDZoF7vbEeeXuihhYtOwt6JehGeUhKolRaBFXs8S8t  
u1HSG/RDQE0Auc+Vis9M0AerUCZOd8/r0cO7zAmKAqHHfrI60uhglnHd3rQKcKE3  
dwM/N1fY4blSkxfKfDYmohYARl1fydRPtEEoCjtk6hFknSjE3kc4Qq4Rm8uuP5Dr  
3WsgODUZ2PEJguHzMid9UB5CIoa+WAojAHiCc9u1tU5bgH7rxrX4AVXvXkvLt/2c  
xiaUvVXVNN2eI6WBgsmQNklZU5SmwBJk2ZQfW0/DnkcWVeaKWLXxAxiAX59wN43r  
hpabCfxyChlPsAr9FbF5qARHnQ+c5MGKcxk/tYe3iLTR/VUcyKB3hyVbF/Ou3un5  
qqnjo+cFutwUr34KRdesEmK/grrSdQsB79aKi8iyNjQOrawqLkQQV+R2TIy7a/Y/  
s/d21TXRhJR1Lg1H2o+/8g7E4ueOUh90oz5DXgOlS579tg4h2Kr9WgJiZ47Uh5al  
b0lWhlB/0XNHiGqRog7mQOH8gGbagM9vWoiCDTwe2G3UORN3yvPGITuHrF9Vrxfp  
OwLB+O9H0Yo=  
=wZIX  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4788-01

Red Hat Security Advisory 2022-4769-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update  
Advisory ID:       RHSA-2022:4769-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4769  
Issue date:        2022-05-27  
CVE Names:         CVE-2022-1529 CVE-2022-1802   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.9.1.

Security Fix(es):

* Mozilla: Untrusted input used in JavaScript object indexing, leading to  
prototype pollution (CVE-2022-1529)

* Mozilla: Prototype pollution in Top-Level Await implementation  
(CVE-2022-1802)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2089217 - CVE-2022-1802 Mozilla: Prototype pollution in Top-Level Await implementation  
2089218 - CVE-2022-1529 Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
thunderbird-91.9.1-1.el8_6.src.rpm

aarch64:  
thunderbird-91.9.1-1.el8_6.aarch64.rpm  
thunderbird-debuginfo-91.9.1-1.el8_6.aarch64.rpm  
thunderbird-debugsource-91.9.1-1.el8_6.aarch64.rpm

ppc64le:  
thunderbird-91.9.1-1.el8_6.ppc64le.rpm  
thunderbird-debuginfo-91.9.1-1.el8_6.ppc64le.rpm  
thunderbird-debugsource-91.9.1-1.el8_6.ppc64le.rpm

s390x:  
thunderbird-91.9.1-1.el8_6.s390x.rpm  
thunderbird-debuginfo-91.9.1-1.el8_6.s390x.rpm  
thunderbird-debugsource-91.9.1-1.el8_6.s390x.rpm

x86_64:  
thunderbird-91.9.1-1.el8_6.x86_64.rpm  
thunderbird-debuginfo-91.9.1-1.el8_6.x86_64.rpm  
thunderbird-debugsource-91.9.1-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1529  
https://access.redhat.com/security/cve/CVE-2022-1802  
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpEx6dzjgjWX9erEAQhSHg//SPbB2WAxnw4NDz25FUoNIvr+9qid5Zq/  
I4+cnUf5fGDK3Vqj3ENi8m9IjVY2joZJmEOO+ji+sKhK92RoE2vh65sh869ykEzH  
m10B3igH3Q6butgHIgYrEX8ordeNejQuJug7DDYMzZctsIDnURMZPrKi207WhoUt  
c+xjQhLgfuAq9DqDkXIaBP1zf5zBwgopDMcrWKz/Uk/Zk0CQWjawEVKv+sSdpctk  
xvRJQt6p6izaDvs1qZ9Sj/wVyPM8F5/wwJJnfzBBJ/NDOaeGoIWxbNeD4+E5CxT1  
8cwqmByXGSUWhXkwZyaBsF9KFu43+Pwl0opPQ7rb6ACatjzwszSK4/frAKPEbYai  
8upRUv/y4qzn7VfSWEmCZaOcgIecfyqnYvtTDWG0Idt1G15YuuATa12NPV/4lw92  
I7TcmmnsDIz48f+PPos4tGDCTHiRbRdLS2GFPAqY0ajI0bE+srmf2QHwE8OPPkzY  
/6B6xpgUPes6Id2vjw/W74RzdLuEos39ueHqdNcXrWoeCn6kEucmLgsn5Nuon30Y  
76wKzDU8ocs3IedmkKVqRLVwAgvTU1FevJh6IMlcz0EVdPqJwJUE2nmcoROI2qxY  
wztfXGmmyrQJJk7ltjiVA6cmIOgD82KpnZUSMgQpQ+3MDpLMwJn0wu770Z384fcO  
3SVc8OF/EbU=  
=NPQ2  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4769-01

Red Hat Security Advisory 2022-4787-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.15 security update  
Advisory ID:       RHSA-2022:4787-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4787  
Issue date:        2022-05-27  
CVE Names:         CVE-2021-3839 CVE-2022-0669   
=====================================================================

1. Summary:

An update for openvswitch2.15 is now available in Fast Datapath for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch2.15: DPDK: Out-of-bounds read/write in  
vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)

* openvswitch2.15: DPDK: Sending vhost-user-inflight type messages could  
lead to DoS (CVE-2022-0669)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Users of openvswitch2.15 are advised to upgrade to these updated packages,  
which fix these bugs.

5. Bugs fixed (https://bugzilla.redhat.com/):

2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash  
2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS  
2070343 - Failed to read database with dns hostname address  
2080271 - [22.D RHEL-8] Fast Datapath Release

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch2.15-2.15.0-99.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm  
openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm  
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm  
openvswitch2.15-debugsource-2.15.0-99.el8fdp.aarch64.rpm  
openvswitch2.15-devel-2.15.0-99.el8fdp.aarch64.rpm  
openvswitch2.15-ipsec-2.15.0-99.el8fdp.aarch64.rpm  
python3-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm  
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm

noarch:  
openvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm  
openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm  
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm  
openvswitch2.15-debugsource-2.15.0-99.el8fdp.ppc64le.rpm  
openvswitch2.15-devel-2.15.0-99.el8fdp.ppc64le.rpm  
openvswitch2.15-ipsec-2.15.0-99.el8fdp.ppc64le.rpm  
python3-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm  
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm  
openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm  
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm  
openvswitch2.15-debugsource-2.15.0-99.el8fdp.s390x.rpm  
openvswitch2.15-devel-2.15.0-99.el8fdp.s390x.rpm  
openvswitch2.15-ipsec-2.15.0-99.el8fdp.s390x.rpm  
python3-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm  
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm  
openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm  
openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm  
openvswitch2.15-debugsource-2.15.0-99.el8fdp.x86_64.rpm  
openvswitch2.15-devel-2.15.0-99.el8fdp.x86_64.rpm  
openvswitch2.15-ipsec-2.15.0-99.el8fdp.x86_64.rpm  
python3-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm  
python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3839  
https://access.redhat.com/security/cve/CVE-2022-0669  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpEx5NzjgjWX9erEAQilcQ/9E4LMCyo2/tSJR13aOP2BQO99IqKG770u  
9Rp9+aGCp1QyurzrYGjn7WXwe0DBHTRNQVaHdJLHzmZAeSNZilXoAg620VzoKSu/  
rhVtfy+EJU22H/OVkAUhExcEUIJRB0zQk6CadScdl25BUE/LNCPa2DJiTOMVi2yF  
G76OloY8FoI1nWVPKGetMMmI6LqOP3Bd+JwD2VG5t+krqmQSD4wKkVrcwS4TLjQm  
H9ZCRgg4D5G00CgYuEtetMf4A4C23n1Fd9oEdwEbPN2Q7ddSWJ1eNZ1q76p6oPtl  
sA7A6MXIdz3j05JjdnPRNKTJvXWnwtGYXx114UKWcSgJUYnsqCyd2auhPZSkP7iC  
34z2FLzDOV7VeF2gnQTJj0h9iwpJOtcnzwC0X8w94yES5rxXKp5UHB8CiFNkUu6g  
lqlQKiF1JPmisJBfdlAFC1+Hs/mgJwosNq3JD5nbIaM6410YQk+TEZ331ssjVjFy  
Bs60J/v++KxAooPqnn0q3dbQsV1ne9pRdpiBWAzkX7mHp8ZRHscBi6zISv6CKDft  
2b1CHllt/m35nUF0f6dRlJdbu/mKFixcJWiO3nqrD4TmYprl016VJ73bN30CEJIS  
GOdd7+rl8it4cuWDAzG7H2aTGnGSSwUr5lOkR9+hKNrO7Fel6n3PrdHS/igJMw7L  
5WnVACaEc60=  
=WSAK  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4787-01

Red Hat Security Advisory 2022-4765-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update  
Advisory ID:       RHSA-2022:4765-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4765  
Issue date:        2022-05-27  
CVE Names:         CVE-2022-1529 CVE-2022-1802   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 91.9.1 ESR.

Security Fix(es):

* Mozilla: Untrusted input used in JavaScript object indexing, leading to  
prototype pollution (CVE-2022-1529)

* Mozilla: Prototype pollution in Top-Level Await implementation  
(CVE-2022-1802)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2089217 - CVE-2022-1802 Mozilla: Prototype pollution in Top-Level Await implementation  
2089218 - CVE-2022-1529 Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
firefox-91.9.1-1.el9_0.src.rpm

aarch64:  
firefox-91.9.1-1.el9_0.aarch64.rpm  
firefox-debuginfo-91.9.1-1.el9_0.aarch64.rpm  
firefox-debugsource-91.9.1-1.el9_0.aarch64.rpm

ppc64le:  
firefox-91.9.1-1.el9_0.ppc64le.rpm  
firefox-debuginfo-91.9.1-1.el9_0.ppc64le.rpm  
firefox-debugsource-91.9.1-1.el9_0.ppc64le.rpm

s390x:  
firefox-91.9.1-1.el9_0.s390x.rpm  
firefox-debuginfo-91.9.1-1.el9_0.s390x.rpm  
firefox-debugsource-91.9.1-1.el9_0.s390x.rpm

x86_64:  
firefox-91.9.1-1.el9_0.x86_64.rpm  
firefox-debuginfo-91.9.1-1.el9_0.x86_64.rpm  
firefox-debugsource-91.9.1-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1529  
https://access.redhat.com/security/cve/CVE-2022-1802  
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpEx3tzjgjWX9erEAQilSxAAhL1BHFhGq2JrqzYgpwBO6IU2vK+Eqgg1  
untWo/QgTAo9bkTKUuiqIhpnC2FAxkgCDC/zds+M+FfME8CD1fJy1ZK7We4W9DvK  
tQGTzvvtr/M9IkrXQSh8wPYDaDpoOR5+ozKqBx+ylpT0/QcSID3ydqdAYWumYIVt  
Z8tFjb00nZ+pr5MwTVEu01SLDRaOEBoF0ryjPF5WeDFGMPB8OazA26Ibq7xBuGRQ  
AyZiWrDKCjlckY2ac0/n8KJhZqZFLDnuRDc29F3RaCAd7VZycWs2UaqxHSSiFNi/  
8DcNaPJI/oSxYbk79zTm/8pNoSp6FuklopyUs4e879wS+Eky5EyXc5yEzFKhsL0i  
CoU84GTR95ql3DKP33ES2eQVqr8h2D4dhyW3crKrh/L3NRRMMTqieaiod29D5WHo  
CUXDhSda+JnPHX5XpsAB3SoYGepO2nEzsFnD5BZdMO/0qPpWt0KWMyr2EF4nBxfg  
Ei3OejrVDvx5eTQ9FryEg0hC4OigZKq3u/Cnd35QIHyl8kqFRl6r4VvOv085Fbf5  
7HoqepntL953bEg4dBnCw7udr+TtGyWqdjDHgiPfxXeXxvG7fWofj1aEMCprEc/7  
o+DN6Ra0ZiZS6cXSjn2tIJ8lUf7tCxHaItDBWPtqM2UOzWtRK59jIQclFP69j4M7  
VQp5gVSLtm0=  
=RcK1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4765-01

Red Hat Security Advisory 2022-4768-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update  
Advisory ID:       RHSA-2022:4768-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4768  
Issue date:        2022-05-27  
CVE Names:         CVE-2022-1529 CVE-2022-1802   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.2  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 91.9.1 ESR.

Security Fix(es):

* Mozilla: Untrusted input used in JavaScript object indexing, leading to  
prototype pollution (CVE-2022-1529)

* Mozilla: Prototype pollution in Top-Level Await implementation  
(CVE-2022-1802)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2089217 - CVE-2022-1802 Mozilla: Prototype pollution in Top-Level Await implementation  
2089218 - CVE-2022-1529 Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:  
firefox-91.9.1-1.el8_2.src.rpm

aarch64:  
firefox-91.9.1-1.el8_2.aarch64.rpm  
firefox-debuginfo-91.9.1-1.el8_2.aarch64.rpm  
firefox-debugsource-91.9.1-1.el8_2.aarch64.rpm

ppc64le:  
firefox-91.9.1-1.el8_2.ppc64le.rpm  
firefox-debuginfo-91.9.1-1.el8_2.ppc64le.rpm  
firefox-debugsource-91.9.1-1.el8_2.ppc64le.rpm

s390x:  
firefox-91.9.1-1.el8_2.s390x.rpm  
firefox-debuginfo-91.9.1-1.el8_2.s390x.rpm  
firefox-debugsource-91.9.1-1.el8_2.s390x.rpm

x86_64:  
firefox-91.9.1-1.el8_2.x86_64.rpm  
firefox-debuginfo-91.9.1-1.el8_2.x86_64.rpm  
firefox-debugsource-91.9.1-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1529  
https://access.redhat.com/security/cve/CVE-2022-1802  
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpEx2dzjgjWX9erEAQg7uxAAgHGswi4888m6XwuR7Lar5u1HqqUEl7Iz  
fgIs03o4Zv4au44kOdmBVBfho1C3GaHkILs+ketbtWAn2on/4nrT5xQ8xsVAXsFS  
5YmpSKYpkkY3Jhe6p0UVOx5sJGyeoZzxzVa6vsGQMemQFrOMJaob+qBpJFcvUiEU  
N53pYXcDB3xs2fjYSuYeqLsF3JLj7an3si4F4Q9wd1CK1bh2OdCflWppLvg482/o  
q6vXAmGE0X3GU44kDg46kuIiM6QuSmOU7TiU/RjBe7IAf5Zo1zqGMTUz0RLfMAvW  
EpT11uCTe9iTN0QMWaNuKtWBjNmW3zfUBXbKZue/6AsP6ck5DIgTjXMcu3m3yYZ3  
o+axHFQGbUG1C8g/S1Q2RcQZXUnm1LNQvvrx3JQnirbPaozNi9BaFtMmEolui861  
zv+LbVaV9GZU/4pho3TJuRWhqI4+CXWNVaNrHXFjeaLD2tgUUSR6Zf3k0ia+VtbW  
+F1Hs/a4+6BFkDt8xzH4dFkSJweEIOi6qUHcg+vJzjWOCKP/698qbAyWAyKt0nGL  
bvwl+8RmbgHRFR7pmJYKP8jeQ+MVt7ZJfNGMbCko3EZ/Gb+ueUK1xDPShqkiTKIh  
c4BiTvH/vWRULUxk9MkrPEySUaWH74Mb6azMcf/OIh3MJ3RpN4V9770bLBgbb7wT  
7XRUr4FKK6o=  
=w26u  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4768-01

Red Hat Security Advisory 2022-4770-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: thunderbird security update  
Advisory ID:       RHSA-2022:4770-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4770  
Issue date:        2022-05-27  
CVE Names:         CVE-2022-1529 CVE-2022-1802   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.9.1.

Security Fix(es):

* Mozilla: Untrusted input used in JavaScript object indexing, leading to  
prototype pollution (CVE-2022-1529)

* Mozilla: Prototype pollution in Top-Level Await implementation  
(CVE-2022-1802)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2089217 - CVE-2022-1802 Mozilla: Prototype pollution in Top-Level Await implementation  
2089218 - CVE-2022-1529 Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-91.9.1-1.el8_1.src.rpm

ppc64le:  
thunderbird-91.9.1-1.el8_1.ppc64le.rpm  
thunderbird-debuginfo-91.9.1-1.el8_1.ppc64le.rpm  
thunderbird-debugsource-91.9.1-1.el8_1.ppc64le.rpm

x86_64:  
thunderbird-91.9.1-1.el8_1.x86_64.rpm  
thunderbird-debuginfo-91.9.1-1.el8_1.x86_64.rpm  
thunderbird-debugsource-91.9.1-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1529  
https://access.redhat.com/security/cve/CVE-2022-1802  
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpEx1NzjgjWX9erEAQj8jA/+L6C0GLnaChCCIBO2QJa6u1TWH3H8MsD1  
bZE5hGvCD9/U+zh1ZahF+9wgTXsGxhvusoBam8yDfLHqe70M7hHZtddVlkVF2yQr  
9Y0yjoWNx2hSBTbUDIO+Haegp6BoUmgTlrTjGnz/5gdr0Z/qTaYk56E1EYtQj0Y9  
qHf7j+FXWleZ0n4+1np1dXcTwKChr1wEmp5+5cvRifwwyMsZkc9asHQa/SH6xFiw  
voE70Hjvc2SzPdF+hCpxu9qxBXa6aEfqpyVVgHrRvUY/RMnpSTG57lCKkVvZocWp  
KgT/AkRPHC9fAsiKg/CNYgocTua76hrd24UyuCPIVsh3KhwgwIX3DIYfsb4/3QPy  
P4Xs8tsAzfh0c0m0lOb1Dgb//YaqntOiD6b6VrMagwNXR+4vcnR4j2t0hQ8RRBCL  
ZYylbF5PfLjcERsMHIoUKupvApPRgvzeVuk6Fo6dfb1jig5NfoBO4mimbfMZ0bD8  
syngbPVPrq1OhZskkFdT8CEbEVq238aeCiVqiG+6sgi5UVfoRuE0MtKqfhrbtNJp  
coCFOT6HOdsTdAexn8N2OvbRtXnztdaiOA1m9UiSrcSBiojBhIkzGuuMzv9H6tZ7  
M+DdvWWoDVS/CcLzardhSejiwJXTBupKv0Tw6pAxkE96UnuRMHRFEvQmc1fsbTLN  
tcim65iKDz4=  
=Pxim  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4770-01

Red Hat Security Advisory 2022-4766-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update  
Advisory ID:       RHSA-2022:4766-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4766  
Issue date:        2022-05-27  
CVE Names:         CVE-2022-1529 CVE-2022-1802   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 91.9.1 ESR.

Security Fix(es):

* Mozilla: Untrusted input used in JavaScript object indexing, leading to  
prototype pollution (CVE-2022-1529)

* Mozilla: Prototype pollution in Top-Level Await implementation  
(CVE-2022-1802)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2089217 - CVE-2022-1802 Mozilla: Prototype pollution in Top-Level Await implementation  
2089218 - CVE-2022-1529 Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
firefox-91.9.1-1.el8_4.src.rpm

aarch64:  
firefox-91.9.1-1.el8_4.aarch64.rpm  
firefox-debuginfo-91.9.1-1.el8_4.aarch64.rpm  
firefox-debugsource-91.9.1-1.el8_4.aarch64.rpm

ppc64le:  
firefox-91.9.1-1.el8_4.ppc64le.rpm  
firefox-debuginfo-91.9.1-1.el8_4.ppc64le.rpm  
firefox-debugsource-91.9.1-1.el8_4.ppc64le.rpm

s390x:  
firefox-91.9.1-1.el8_4.s390x.rpm  
firefox-debuginfo-91.9.1-1.el8_4.s390x.rpm  
firefox-debugsource-91.9.1-1.el8_4.s390x.rpm

x86_64:  
firefox-91.9.1-1.el8_4.x86_64.rpm  
firefox-debuginfo-91.9.1-1.el8_4.x86_64.rpm  
firefox-debugsource-91.9.1-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1529  
https://access.redhat.com/security/cve/CVE-2022-1802  
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpExzdzjgjWX9erEAQjzVQ/+Oc3jY+c/sH1toAzPPA0E6rNWLAkT1WZM  
p8BfqVkMLF+ScErDjakxImEUaLt36YfIcVN19/+kZwSB2+W0itiW1pEgSGgKSjbT  
62a4IeKLAU3QUrE9KQZo2HCnWLz81w/S3oBhZMaB2MhRijGEgh3nK2ii4qIYMZdz  
bwRLE9RC9J05SSqxV1cTIMOQSkjGWEawdfxVIc7V4W5fCJITiQtGgtKlh7rjwvM1  
C/WQ0+/aSockG+0vMZ568tEEHJ3gRXQNAP39CvuBU/I/hx9AvVC700nGIEUmtGiZ  
RhME2sfks/VN/O75Fqxvs4ZL0vFlcLFv0beTxYI+ttCooRbiclCFc0WIamOc9UFh  
yNaFYxrOVs3IOP7ZZwXk4QStR6MOKIxD6SfRDGsPyuJSfttvlQHjkmtSojXHGHh5  
J7PQ0lONpLGQ+9K6qL+1J1KXHcNGSyMkyTHS4kFxARPjMa+OIx9NiVnB++dn1eag  
y3BKXEQ3yk0Pp37ilWwgPd4Q9xx6HrTA288yZ3Bej93BxHuQOkPHaNtRzs83HrUp  
diJ7YGfkLEPqdbuEHUjAPSQLHnA5fbdPeRILkOxbYjQaSHQQ5nNpdwsCtvD+f88V  
94hpr5aLsBbY32CVAFZh0U76FPfBufPr9WBaenn0ISNqctRSSolA4MUEOwyOj4I0  
iP8dwmhMyLk=  
=byxi  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-4766-01

Red Hat Security Advisory 2022-4776-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update  
Advisory ID:       RHSA-2022:4776-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4776  
Issue date:        2022-05-27  
CVE Names:         CVE-2022-1529 CVE-2022-1802   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 91.9.1 ESR.

Security Fix(es):

* Mozilla: Untrusted input used in JavaScript object indexing, leading to  
prototype pollution (CVE-2022-1529)

* Mozilla: Prototype pollution in Top-Level Await implementation  
(CVE-2022-1802)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2089217 - CVE-2022-1802 Mozilla: Prototype pollution in Top-Level Await implementation  
2089218 - CVE-2022-1529 Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
firefox-91.9.1-1.el8_6.src.rpm

aarch64:  
firefox-91.9.1-1.el8_6.aarch64.rpm  
firefox-debuginfo-91.9.1-1.el8_6.aarch64.rpm  
firefox-debugsource-91.9.1-1.el8_6.aarch64.rpm

ppc64le:  
firefox-91.9.1-1.el8_6.ppc64le.rpm  
firefox-debuginfo-91.9.1-1.el8_6.ppc64le.rpm  
firefox-debugsource-91.9.1-1.el8_6.ppc64le.rpm

s390x:  
firefox-91.9.1-1.el8_6.s390x.rpm  
firefox-debuginfo-91.9.1-1.el8_6.s390x.rpm  
firefox-debugsource-91.9.1-1.el8_6.s390x.rpm

x86_64:  
firefox-91.9.1-1.el8_6.x86_64.rpm  
firefox-debuginfo-91.9.1-1.el8_6.x86_64.rpm  
firefox-debugsource-91.9.1-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1529  
https://access.redhat.com/security/cve/CVE-2022-1802  
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYpExyNzjgjWX9erEAQg+FA//SSDoIAEDrzRMt4bZIiH64utMkmZ2PhOA  
O0WviiRiLAozA+pgHenrroqqs/AfuZL3i+IooUakQ0Th/gDRv53g+QcIs0WxztLs  
nUT9Ujy19BHBiSZatqYeM/2u/S8DqyiTg+UxGAeoH1O/MztF18I70D37wS4w5nwg  
+c5dJEPUMgyOeztiSEznmmVmLJsF8Zn9nnBbXvAqG7XW4HD9nrEARmKdc3GXWA94  
v/cSmcfMG7c+SyrA+zY4/eXgRZJkQTPBHAa7AzSeLkswMke6pPq/xjO1HIOr1dhj  
I6hYOIAKZocBhhPMBWvdq83mhXkHMXA7CUuBn5C7Bbt4S8rLoHMX5d11mv5q72pr  
/Ce+AUndYD0vqU/QX64I+eOb0ArpHGrH0uRiZNOA1JRpBa7/V918/Y2yhldKhJJ3  
ws1UDBaqxHkX1FO069QgjlZNlLwViaZTmW1bKcSvbPNXYgIJZtDn3FC4qoIb+4XV  
22Iiagfcz24VkbK2VMtlzYYT8FZA+pbc6vmAOEE5NnI0VNJIGry7K8frxe/GJapR  
DwWjrWk53B4zu/DVg5zEfHikjeXb3xyWhl4OunGbkigqrq4Rwzjpdk+ZrCkLo2MG  
gKOnGwe8ILkCv0nFrdjQeKxg8oJMrg+GjYM7P3RqzvzjkFSbab4tJsKQnJ2qwNTe  
kI/FdzuSQ4s=  
=slKH  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#red_hat