There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.

**Buffer Overflow in heif\_js\_decode\_image in libheif v1.14.2****CVE ID**

CVE-2023-0996

**Description**

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.

**Tested Versions**

v1.14.2

**Details**

libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF (AV1 Image File Format) file format decoder and encoder.

**Timeline**

*   2022-10-21 - Vendor Disclosure
*   2023-01-11- Vendor Patched
*   2023-02-24 - Public Release

**Credit**

Discovered by Eugene Lim of GovTech Singapore.

CVE-2023-0996: CVE-2023-0996

Debian Linux Security Advisory 5358-1 - Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for launching a denial of service attack or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5358-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
February 23, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : asterisk  
CVE ID         : CVE-2022-23537 CVE-2022-23547 CVE-2022-31031 CVE-2022-37325  
                 CVE-2022-39244 CVE-2022-39269 CVE-2022-42705 CVE-2022-42706

Multiple security vulnerabilities have been discovered in Asterisk, an Open  
Source Private Branch Exchange. Buffer overflows and other programming errors  
could be exploited for launching a denial of service attack or the execution of  
arbitrary code.

For the stable distribution (bullseye), these problems have been fixed in  
version 1:16.28.0~dfsg-0+deb11u2.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/asterisk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmP3LTtfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeQLpw/8CshgHqfiBn5zx4yxf0mmnHaeXDpDmebNz0MLPJQOBHLn6IBFyAu+TpM5  
o9CgBlgTx6LdXToik+0QQtG50EnCp+2gPQ+dalY7lHswTfdwqIrMIM8NUwtOo9ut  
DUUptPBTbUVDICh/OZfiNE3EfxAJ5Z6ktoqC/L8IqCx/S1ZwbdQJSVXAAQJJUVyT  
syXDNHpoYqehm6p0JKOAbYkROnCKyvfhrtu9clZgUx0lhlxGRpAMspO15mUTyxqR  
xLwsWAqWyfPXTZBpa6Ym8Aa8vQeDrvk3QakigvhnYHxhz51eJiH8WcsIzh2NQLW0  
CsJHYx+Hq3rVUHpIWvPyR00HeKfGNu4pYzXS8RAhuKricEgxNWEQKWxYO76+xrWt  
avZ1ebREYG2+6AcneB3ceSCPNEg3YeySmf5RyFYy+3s307OsA8/kbSwzsi4lmBZe  
1+bqDZvcb76dEz2d5bFaC9qJ3EUX3C19B4mo/bi+IW4s8YypZZX3OpmH5jCkIFKF  
XiEmuDj3rtrDYSzQgSCKgflXQIv63UsUn3NbZk2KIkQTZRpBfT8p5M7DWwozOCbO  
9CN6gsjkM/H+YT2FfEdXMsqw7H6tl3wv1HUIj9dDaAYfxfnHGMfe3jeSBA84Ql1J  
+NrQctHyDGHo5WcU4ThMNawTuz+FUn/MHb4+ycyP8TjZa/RHX4M=HsMO  
-----END PGP SIGNATURE-----

Debian Security Advisory 5358-1

Ubuntu Security Notice 5883-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5883-1  
February 22, 2023

linux-hwe vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

Kyle Zeng discovered that the sysctl implementation in the Linux kernel  
contained a stack-based buffer overflow. A local attacker could use this to  
cause a denial of service (system crash) or execute arbitrary code.  
(CVE-2022-4378)

It was discovered that an out-of-bounds write vulnerability existed in the  
Video for Linux 2 (V4L2) implementation in the Linux kernel. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-20369)

Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan  
and Ariel Sabba discovered that some Intel processors with Enhanced  
Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET  
instructions after a VM exits. A local attacker could potentially use this  
to expose sensitive information. (CVE-2022-26373)

David Leadbeater discovered that the netfilter IRC protocol tracking  
implementation in the Linux Kernel incorrectly handled certain message  
payloads in some situations. A remote attacker could possibly use this to  
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64  
processors, the branch predictor could by mis-trained for return  
instructions in certain circumstances. A local attacker could possibly use  
this to expose sensitive information. (CVE-2022-29900)

Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64  
processors, the Linux kernel's protections against speculative branch  
target injection attacks were insufficient in some circumstances. A local  
attacker could possibly use this to expose sensitive information.  
(CVE-2022-29901)

It was discovered that a race condition existed in the Kernel Connection  
Multiplexor (KCM) socket implementation in the Linux kernel when releasing  
sockets in certain situations. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-3521)

It was discovered that the Netronome Ethernet driver in the Linux kernel  
contained a use-after-free vulnerability. A local attacker could use this  
to cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2022-3545)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux  
kernel did not properly perform bounds checking in some situations. A  
physically proximate attacker could use this to craft a malicious USB  
device that when inserted, could cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2022-3628)

It was discovered that a use-after-free vulnerability existed in the  
Bluetooth stack in the Linux kernel. A local attacker could use this to  
cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2022-3640)

It was discovered that the NILFS2 file system implementation in the Linux  
kernel did not properly deallocate memory in certain error conditions. An  
attacker could use this to cause a denial of service (memory exhaustion).  
(CVE-2022-3646)

Khalid Masum discovered that the NILFS2 file system implementation in the  
Linux kernel did not properly handle certain error conditions, leading to a  
use-after-free vulnerability. A local attacker could use this to cause a  
denial of service or possibly execute arbitrary code. (CVE-2022-3649)

Hyunwoo Kim discovered that an integer overflow vulnerability existed in  
the PXA3xx graphics driver in the Linux kernel. A local attacker could  
possibly use this to cause a denial of service (system crash).  
(CVE-2022-39842)

It was discovered that a race condition existed in the SMSC UFX USB driver  
implementation in the Linux kernel, leading to a use-after-free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-41849)

It was discovered that a race condition existed in the Roccat HID driver in  
the Linux kernel, leading to a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-41850)

It was discovered that a race condition existed in the Xen network backend  
driver in the Linux kernel when handling dropped packets in certain  
circumstances. An attacker could use this to cause a denial of service  
(kernel deadlock). (CVE-2022-42328)

Tamás Koczka discovered that the Bluetooth L2CAP implementation in the  
Linux kernel did not properly initialize memory in some situations. A  
physically proximate attacker could possibly use this to expose sensitive  
information (kernel memory). (CVE-2022-42895)

It was discovered that the USB monitoring (usbmon) component in the Linux  
kernel did not properly set permissions on memory mapped in to user space  
processes. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2022-43750)

It was discovered that the Upper Level Protocol (ULP) subsystem in the  
Linux kernel did not properly handle sockets entering the LISTEN state in  
certain protocols, leading to a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-0461)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 ESM:  
  linux-image-4.15.0-206-generic  4.15.0-206.217~16.04.1+1  
  linux-image-4.15.0-206-lowlatency  4.15.0-206.217~16.04.1+1  
  linux-image-generic-hwe-16.04   4.15.0.206.191  
  linux-image-lowlatency-hwe-16.04  4.15.0.206.191  
  linux-image-oem                 4.15.0.206.191  
  linux-image-virtual-hwe-16.04   4.15.0.206.191

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
  https://ubuntu.com/security/notices/USN-5883-1  
  CVE-2022-20369, CVE-2022-26373, CVE-2022-2663, CVE-2022-29900,  
  CVE-2022-29901, CVE-2022-3521, CVE-2022-3545, CVE-2022-3628,  
  CVE-2022-3640, CVE-2022-3646, CVE-2022-3649, CVE-2022-39842,  
  CVE-2022-41849, CVE-2022-41850, CVE-2022-42328, CVE-2022-42895,  
  CVE-2022-43750, CVE-2022-4378, CVE-2023-0461

Ubuntu Security Notice USN-5883-1

Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.

*   Home
*   Browse
*   FreeImage
*   Discussion

*   Summary
*   Files
*   Reviews
*   Support
*   Mailing Lists
*   Code
*   Tickets ▾
    *   Feature Requests
    *   Patches
    *   Bugs
    *   Support Requests
*   News
*   Discussion
*   FreeImage
*   FreeImage

Menu ▾ ▴

**FreeImage 3.18.0 1byte OOB Read**

Created: 3 days ago

Updated: 3 days ago

*   ==3820756==ERROR:AddressSanitizer:heap-buffer-overflowonaddress0x612000001995
    atpc0x5627bb77696fbp0x7ffc771a50d0sp0x7ffc771a50c0READofsize1at0x612000001995threadT0
    #0 0x5627bb77696e in ReadInt32 Source/Metadata/Exif.cpp:120 #1 0x5627bb785e15 in ReadUint32 Source/Metadata/Exif.cpp:138 
    #2 0x5627bb785e15 in jpeg_read_exif_dir Source/Metadata/Exif.cpp:723 
    #3 0x5627bb78a6c8 in jpegxr_read_exif_gps_profile Source/Metadata/Exif.cpp:955 
    #4 0x5627bb6089d5 in ReadMetadata Source/FreeImage/PluginJXR.cpp:607 
    #5 0x5627bb6089d5 in Load Source/FreeImage/PluginJXR.cpp:1186 
    #6 0x5627bb560a76 in FreeImage_LoadFromHandle Source/FreeImage/Plugin.cpp:388 
    #7 0x5627bb560dd5 in FreeImage_Load Source/FreeImage/Plugin.cpp:408 
    #8 0x5627bb501abb in testClone(char const*) /home/akuma/FreeImage/TestAPI/testImageType.cpp:34 
    #9 0x5627bb502100 in testAllocateCloneUnload(char const*) /home/akuma/FreeImage/TestAPI/testImageType.cpp:56 
    #10 0x5627bb4eeaa2 in main /home/akuma/FreeImage/TestAPI/MainTestSuite.cpp:69 
    #11 0x7f696c2480b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) 
    #12 0x5627bb4fc16d in _start (/home/akuma/FreeImage/TestAPI/testAPI+0x1b716d) Address 0x612000001995 is a wild pointer. 
    SUMMARY:AddressSanitizer:heap-buffer-overflow
    Source/Metadata/Exif.cpp:120inReadInt32Shadowbytes
    aroundthebuggyaddress:
    0x0c247fff82e0:fafafafafafafafafafafafafafafafa
    0x0c247fff82f0:fafafafafafafafafafafafafafafafa
    0x0c247fff8300:fafafafafafafafafafafafafafafafa
    0x0c247fff8310:fafafafafafafafafafafafafafafafa
    0x0c247fff8320:fafafafafafafafafafafafafafafafa
    =>0x0c247fff8330:fafa[fa]fafafafafafafafafafafafafa
    0x0c247fff8340:fafafafafafafafafafafafafafafafa
    0x0c247fff8350:fafafafafafafafafafafafafafafafa
    0x0c247fff8360:fafafafafafafafafafafafafafafafa
    
    \[CVE-ID\]  
    CVE-2021-33367  
    \[Product\]  
    FreeImage 3.18.0  
    \[Version\]  
    FreeImage 3.18.0  
    \[Discoverer\]  
    3kyo0  
    \[Vulnerability Type\]  
    Buffer Overflow  
    \[Description\]  
    Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.
    

Log in to post a comment.

CVE-2021-33367: FreeImage / Discussion / Open Discussion: FreeImage 3.18.0 1byte OOB Read

Patch released for bug that poses a critical risk to vulnerable technologies

John Leyden 22 February 2023 at 14:23 UTC

Patch released for bug that poses a critical risk to vulnerable technologies

A security flaw in a bundle anti-malware scanner product has created a serious security risk for some products from networking giant Cisco.

More particularly, a vulnerability in the ClamAV scanning library (tracked as CVE-2023-20032) created a critical security risk for Cisco’s Secure Web Appliance as well as various versions of Cisco Secure Endpoint (including Windows, MacOS, Linux, and cloud).

Cisco released an advisory on the vulnerability – alongside patches for affected products – last week. Although the vulnerability is not under active attack, patching is nonetheless recommended.

The partition scanning buffer overflow vulnerability poses a critical risk to vulnerable technologies.

Catch up with the latest network security news and analysis

As explained in Cisco’s security advisory, a vulnerability in the HFS+ partition file parser of ClamAV creates a mechanism to push malicious code onto either endpoint devices or vulnerable instances of Cisco’s Secure Web Appliance.

The vulnerability, which stems from an absent buffer size check, creates a heap buffer overflow risk in scanning HFS+ partition file. An attacker might be able to create a malicious partition file before offering it up for scanning by ClamAV.

“A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition,” Cisco’s advisory explains.

**Use case**

ClamAV (Clam AntiVirus) is a free software, anti-malware toolkit originally developed for Unix. The technology - acquired by Cisco through an acquisition 10 years ago, has been ported to run on various operating systems including Linux, macOS, and Windows.

One of the main use cases for the technology is on mail servers as a server-side malware-in-email scanner.

However, Cisco has confirmed that neither its Secure Email Gateway nor its Secure Email and Web Manager appliances are vulnerable to this particular security bug.

**Who guards the guards?**

Any vulnerability in a security utility that allows potential miscreants to hack into affected devices show how tools designed to increase security can increase the attack surface exposed to potential attackers.

The security flaw in ClamAV’s HFS+ partition file parser, along with lesser a remote information leak vulnerability (tracked as CVE-2023-20052) in the DMG file parser of the same technology, were both discovered by Google engineer Simon Scannell. Google notified Cisco about security bugs in ClamAV last August.

An advisory by Google, posted on GitHub, offers a full technical run-down of the more serious CVE-2023-20032 vulnerability and its potential exploitation.

“We rate the vulnerability as high severity as the buffer overflow can be triggered when a scan is run with CL\_SCAN\_ARCHIVE enabled, which is enabled by default in most configurations.

“This feature is typically used to scan incoming emails on the backend of mail servers. As such, a remote, external, unauthenticated attacker can trigger this vulnerability,” Cisco’s advisory explains.

A technical blog post by German cybersecurity vendor ONEKEY concludes that the two flaws in ClamAV illustrate that “file format parsing is a difficult and complex endeavor”.

LIKED THIS ARTICLE? Sign up to our new newsletter – Daily Swig Deserialized

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw

Red Hat Security Advisory 2023-0854-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:0854-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0854  
Issue date:        2023-02-21  
CVE Names:         CVE-2022-2873 CVE-2022-41222 CVE-2022-43945  
====================================================================  
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64  
Red Hat Enterprise Linux for Real Time (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)

* kernel: nfsd buffer overflow by RPC message over TCP with garbage data  
(CVE-2022-43945)

* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* RHEL8-RT: Backport use of a dedicate thread for timer wakeups  
(BZ#2127204)

* SNO Crashed twice - kernel BUG at lib/list_debug.c:28 (BZ#2132062)

* Cannot trigger kernel dump using NMI on SNO node running PAO and RT  
kernel  [RT-8] (BZ#2139851)

* scheduling while atomic in fpu_clone() -> fpu_inherit_perms()  
(BZ#2154469)

* The latest RHEL 8.7.z2 kernel changes need to be merged into the RT  
source tree to keep source parity between the two kernels. (BZ#2159806)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2119048 - CVE-2022-2873 kernel: an out-of-bounds vulnerability in i2c-ismt driver  
2138818 - CVE-2022-41222 kernel: mm/mremap.c use-after-free vulnerability  
2141752 - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source:  
kernel-rt-4.18.0-425.13.1.rt7.223.el8_7.src.rpm

x86_64:  
kernel-rt-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debug-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debug-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-kvm-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 8):

Source:  
kernel-rt-4.18.0-425.13.1.rt7.223.el8_7.src.rpm

x86_64:  
kernel-rt-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debug-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debug-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2873  
https://access.redhat.com/security/cve/CVE-2022-41222  
https://access.redhat.com/security/cve/CVE-2022-43945  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/S5DNzjgjWX9erEAQgTIQ//bAzG6t2ueT9ZjapRWki1kFItX3fe5b1h  
FeuLn1+ukx221h24MbM6mzoTiYTdi5DzSsU+QTFQEyiuiMxdXUIE/teXn3AH87kr  
WfTgJNRrPUAmNmujxNUbnc4AyOhDQUbEAZjY9fB9SorBlrg4dDXt0eed3BCFRmuX  
uYQhDTkckLnFSwZwqH86zrhIYAYgoZipZKYFjTK2h4oK6qhJO5cW0Z4mpgmeMOcG  
HiSCgi4yk2JElTtLZGxag0wVa3i91OaWia0JYAt7gIuTiHHvR7Wlu/UfSjaFont6  
gX0pDxfwYO55fpoxRHrWQjwmpseIao/A6EgWdPqc2al/GJaqSscw4I5aXeWgCl+H  
aReYW8JGpKo5RLrcAsLrw8UfUPTFY7uUOuyRt0hXgmTq2no75wqgrk8XsDWgADms  
Gu92lNIGiLvG/bJKZHhr/NG5SZA3Fq2LXPXiuS2NCtuo95b3R07fxib65zifFyk1  
Xs2u64G48MazXBATSO/gjxpZ8i0FUv59t793KPwY6iC3orjCvykYHU6tIqw6rQxn  
eWb/Cz10K9FrwwaYlYeVr5i+48XxD+o4Vplmn+k7l1GA/PkMhDt4T4WWaWLB6AB2  
lONtNwfqIp9KD2z4c6m6g0M0djyM2NNQF8t0PAdJlfOJgub8xEmzCXeiGW2mhIHX  
P/ZrBAx7UuQ=aH9p  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0854-01

Red Hat Security Advisory 2023-0842-01 - The GNU tar program can save multiple files in an archive and restore files from an archive. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: tar security update  
Advisory ID:       RHSA-2023:0842-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0842  
Issue date:        2023-02-21  
CVE Names:         CVE-2022-48303  
====================================================================  
1. Summary:

An update for tar is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The GNU tar program can save multiple files in an archive and restore files  
from an archive.

Security Fix(es):

* tar: heap buffer overflow at from_header() in list.c via specially  
crafted checksum (CVE-2022-48303)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2149722 - CVE-2022-48303 tar: heap buffer overflow at from_header() in list.c via specially crafted checksum

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
tar-1.30-6.el8_7.1.src.rpm

aarch64:  
tar-1.30-6.el8_7.1.aarch64.rpm  
tar-debuginfo-1.30-6.el8_7.1.aarch64.rpm  
tar-debugsource-1.30-6.el8_7.1.aarch64.rpm

ppc64le:  
tar-1.30-6.el8_7.1.ppc64le.rpm  
tar-debuginfo-1.30-6.el8_7.1.ppc64le.rpm  
tar-debugsource-1.30-6.el8_7.1.ppc64le.rpm

s390x:  
tar-1.30-6.el8_7.1.s390x.rpm  
tar-debuginfo-1.30-6.el8_7.1.s390x.rpm  
tar-debugsource-1.30-6.el8_7.1.s390x.rpm

x86_64:  
tar-1.30-6.el8_7.1.x86_64.rpm  
tar-debuginfo-1.30-6.el8_7.1.x86_64.rpm  
tar-debugsource-1.30-6.el8_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-48303  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/S5KdzjgjWX9erEAQhYbQ//aKL+zULuA7Sdl+jsUXQpPF/PgCkrgqIW  
NLBy0oB6xTNSiJofZ+I/c6QowqwSl/iweLN5tq+ZBlfBjX//nxygZyWpMyieHimC  
mk7RItqFoHuq391OkH39W8BsS9tRhOd4uFhx7NWvK1TcXJ3GX0zz2GQyyGkYNgyv  
yCkXuOBnY2F4bxRAKEgtzGnhNx1V/aJpxBXGB3PNU2LQqKd1iFEeWHTJiz7jwyCT  
68PQK+btkLpBAKEeA1Za9J+Q2BtQ0rKXcOKv26ucXZ8QxGEk/Kj7wiHa3Mxq59/G  
cdrdrplDDJiv4hRAgfind4TlAmVji9BdrdXLSfhA48LjGI6zE4XL5TvPP7Seo3tr  
T2d8epAKYqERwFm3UTCV1XBDh2n8zzsiYrqY20pBClTBrpAiTOmDFChvfDGofQVb  
aXBUITSjZfkn8JCMvOJgAPk+6MBIKgQUke2NhTpLx/JhWt0o9lGQ7ALSAX/ZSbKF  
/o+ypMHTT/i6wh2wqlL8zydp0GsJXbjWXo9OrLf52NJc2/nmK9FRkVbC6fV91Yug  
ICNZ+3a+4nXhxmFD7g4DmQhT4kGTtP3F//2PWu6e3N6TRzpU1XEHJSd5JAqSkxzl  
QwaEFxe0l0lAM73rccTlJ3qCSdKVHBEqqtBW4fDOZNlj3HSVy4dBlSNj5uucFd6e  
oOB4pOspP7E=zzgX  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0842-01

Red Hat Security Advisory 2023-0848-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-0848-01

Red Hat Security Advisory 2023-0839-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:0839-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0839  
Issue date:        2023-02-21  
CVE Names:         CVE-2022-41222 CVE-2022-43945  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)

* kernel: nfsd buffer overflow by RPC message over TCP with garbage data  
(CVE-2022-43945)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2138818 - CVE-2022-41222 kernel: mm/mremap.c use-after-free vulnerability  
2141752 - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.src.rpm  
kpatch-patch-4_18_0-425_3_1-1-3.el8.src.rpm

ppc64le:  
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.ppc64le.rpm  
kpatch-patch-4_18_0-425_10_1-debuginfo-1-1.el8_7.ppc64le.rpm  
kpatch-patch-4_18_0-425_10_1-debugsource-1-1.el8_7.ppc64le.rpm  
kpatch-patch-4_18_0-425_3_1-1-3.el8.ppc64le.rpm  
kpatch-patch-4_18_0-425_3_1-debuginfo-1-3.el8.ppc64le.rpm  
kpatch-patch-4_18_0-425_3_1-debugsource-1-3.el8.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.x86_64.rpm  
kpatch-patch-4_18_0-425_10_1-debuginfo-1-1.el8_7.x86_64.rpm  
kpatch-patch-4_18_0-425_10_1-debugsource-1-1.el8_7.x86_64.rpm  
kpatch-patch-4_18_0-425_3_1-1-3.el8.x86_64.rpm  
kpatch-patch-4_18_0-425_3_1-debuginfo-1-3.el8.x86_64.rpm  
kpatch-patch-4_18_0-425_3_1-debugsource-1-3.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41222  
https://access.redhat.com/security/cve/CVE-2022-43945  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/S5I9zjgjWX9erEAQi9Qg//aHbqQTZ72uD5EJrSRJeDypo3gAeppE5R  
0sRTDv5+z8A2W9iC929erRWQyusDX9gFBsKm2q9W9vGTimtPkMiyMHynwumkgTYD  
NAToVbUsbh++pt1nVvOoU+L4EpybrVVndA9aPWny2wPOI1f+pnV04Cn6SJ9oIZwn  
vaE/72TwDux1QcWJ4mcyQ+1I2QomV7/O+NBdVKgITkqVq6UQsZ3lNFaZTQy759tF  
QlYkHjoiMaDWC5pfFP2ER4Hp6N4gOksQVthb7Ww6c5hGcsgF0i3uQJXPgBneVoqt  
PUU0K6mGTWkScchA0Ikz6xZe9PfiEEtpIDl7CG11yjowCp4cMlrdY45EocIspOzg  
UHU+6qHQN+YtZL9IwJpwyLpxnzbzAvaYRi0Tz7gYx0kwFfNHMzHBum5Tec5+5A6F  
rwVLqcMWMKGgdxz5YBOQrc1PpIo5YUrLBLZfYsesJ8lk16us7KLGhAUPxMMySUzT  
+ApmCfRm3OdfBJ6TPxFqpnZlWQnxU/okY1xRibtYm34przvE+7Yk2eGYBG7tNWy5  
L2pTkdlFBDzc1Ql+0yoDvjjbNXh0JRtPstWzVbOHINuBa+Trj8ltQvvGANTjZSro  
x/dRW8p8GkP/G/n2JplbZhzK/keyp8nG+FikGjNd7cKAHngpH9NLWQ3ASf/xE6tp  
74mfYiIfS2A=u4aM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0839-01

Red Hat Security Advisory 2023-0832-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, null pointer, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:0832-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0832  
Issue date:        2023-02-21  
CVE Names:         CVE-2022-2873 CVE-2022-41222 CVE-2022-43945  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)

* kernel: nfsd buffer overflow by RPC message over TCP with garbage data  
(CVE-2022-43945)

* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105  
ex_handler_fprestore+0x3f/0x50 (BZ#2134586)

* Hardware error: RIP: copy_user_enhanced_fast_string+0xe (BZ#2137592)

* Cannot trigger kernel dump using NMI on SNO node running PAO and RT  
kernel (BZ#2139580)

* MEI support for Alder Lake-S (BZ#2141783)

* Host Pod -> Cluster IP Service traffic (Pod Backend - Different Node)  
Flow Iperf Cannot Connect (BZ#2141959)

* RHEL8.7: Xorg cannot display resolution higher than 1024x768 on system  
using ast graphics driver (BZ#2149287)

* Intel 8.7 Bug: OS doesn't boot when vmd and interrupt remapping are  
enabled (BZ#2149474)

* i40e,iavf: SR-IOV VF devices send GARP with wrong MAC address  
(BZ#2149745)

* RHEL8.4 - boot: Add secure boot trailer (BZ#2151530)

* error 524 from seccomp(2) when trying to load filter (BZ#2152138)

* Workqueue: WQ_MEM_RECLAIM iscsi_ctrl_1:98 __iscsi_unbind_session  
[scsi_transport_iscsi] (BZ#2152734)

* Connectivity issue with vDPA driver (BZ#2152912)

* High Load average due to cfs cpu throttling (BZ#2153108)

* The "kernel BUG at mm/usercopy.c:103!" from BZ 2041529 is back on  
rhel-8.5 (BZ#2153230)

* RHEL8: tick storm on nohz (isolated) CPU cores (BZ#2153653)

* kernel BUG: scheduling while atomic: crio/7295/0x00000002 (BZ#2154460)

* Azure RHEL 8 z-stream: Sometimes newly deployed VMs are not getting  
accelerated network during provisioning (BZ#2155272)

* Azure: VM Deployment Failures Patch Request (BZ#2155280)

* Azure vPCI RHEL-8: add the support of multi-MSI (BZ#2155289)

* MSFT MANA NET Patch RHEL-8: Fix race on per-CQ variable napi_iperf panic  
fix (BZ#2155437)

* GSS: OCP 4.10.30 node crash after ODF upgrade : unable to handle kernel  
NULL pointer dereference at 0000000000000000 :  
ceph_get_snap_realm+0x68/0xa0 [ceph] (BZ#2155797)

* Error in /usr/src/kernels/4.18.0-423.el8.x86_64/scripts/kernel-doc script  
causing irdma build to fail (BZ#2157905)

* RHEL8.8: Backport upstream patches to reduce memory cgroup memory  
consumption and OOM problem (BZ#2157922)

* The 'date' command shows wrong time in nested KVM s390x guest  
(BZ#2158813)

* ethtool -m results in an out-of-bounds slab write in the be2net driver  
(BZ#2160182)

* (Redhat OpenShift)Error downloading big ZIP files inside pod on power OCP  
and pod getting restarted (BZ#2160221)

* i40e/iavf: VF reset task fails "Never saw reset" with 5 second timeout  
per VF (BZ#2160460)

* iavf: It takes long time to create multiple VF interfaces and the VF  
interface names are not consistent (BZ#2163257)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2119048 - CVE-2022-2873 kernel: an out-of-bounds vulnerability in i2c-ismt driver  
2138818 - CVE-2022-41222 kernel: mm/mremap.c use-after-free vulnerability  
2141752 - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kernel-4.18.0-425.13.1.el8_7.src.rpm

aarch64:  
bpftool-4.18.0-425.13.1.el8_7.aarch64.rpm  
bpftool-debuginfo-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-core-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-cross-headers-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-debug-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-debug-core-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-debug-devel-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-debug-modules-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-debuginfo-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-devel-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-headers-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-modules-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-modules-extra-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-tools-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-tools-libs-4.18.0-425.13.1.el8_7.aarch64.rpm  
perf-4.18.0-425.13.1.el8_7.aarch64.rpm  
perf-debuginfo-4.18.0-425.13.1.el8_7.aarch64.rpm  
python3-perf-4.18.0-425.13.1.el8_7.aarch64.rpm  
python3-perf-debuginfo-4.18.0-425.13.1.el8_7.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-425.13.1.el8_7.noarch.rpm  
kernel-doc-4.18.0-425.13.1.el8_7.noarch.rpm

ppc64le:  
bpftool-4.18.0-425.13.1.el8_7.ppc64le.rpm  
bpftool-debuginfo-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-core-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-cross-headers-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-debug-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-debug-core-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-debug-devel-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-debug-modules-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-debuginfo-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-devel-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-headers-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-modules-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-modules-extra-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-tools-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-tools-libs-4.18.0-425.13.1.el8_7.ppc64le.rpm  
perf-4.18.0-425.13.1.el8_7.ppc64le.rpm  
perf-debuginfo-4.18.0-425.13.1.el8_7.ppc64le.rpm  
python3-perf-4.18.0-425.13.1.el8_7.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-425.13.1.el8_7.ppc64le.rpm

s390x:  
bpftool-4.18.0-425.13.1.el8_7.s390x.rpm  
bpftool-debuginfo-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-core-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-cross-headers-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-debug-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-debug-core-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-debug-debuginfo-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-debug-devel-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-debug-modules-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-debug-modules-extra-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-debuginfo-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-devel-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-headers-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-modules-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-modules-extra-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-tools-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-tools-debuginfo-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-zfcpdump-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-zfcpdump-core-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-425.13.1.el8_7.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-425.13.1.el8_7.s390x.rpm  
perf-4.18.0-425.13.1.el8_7.s390x.rpm  
perf-debuginfo-4.18.0-425.13.1.el8_7.s390x.rpm  
python3-perf-4.18.0-425.13.1.el8_7.s390x.rpm  
python3-perf-debuginfo-4.18.0-425.13.1.el8_7.s390x.rpm

x86_64:  
bpftool-4.18.0-425.13.1.el8_7.x86_64.rpm  
bpftool-debuginfo-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-core-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-cross-headers-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-debug-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-debug-core-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-debug-devel-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-debug-modules-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-debuginfo-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-devel-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-headers-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-modules-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-modules-extra-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-tools-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-tools-libs-4.18.0-425.13.1.el8_7.x86_64.rpm  
perf-4.18.0-425.13.1.el8_7.x86_64.rpm  
perf-debuginfo-4.18.0-425.13.1.el8_7.x86_64.rpm  
python3-perf-4.18.0-425.13.1.el8_7.x86_64.rpm  
python3-perf-debuginfo-4.18.0-425.13.1.el8_7.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
bpftool-debuginfo-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-debuginfo-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-425.13.1.el8_7.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-425.13.1.el8_7.aarch64.rpm  
perf-debuginfo-4.18.0-425.13.1.el8_7.aarch64.rpm  
python3-perf-debuginfo-4.18.0-425.13.1.el8_7.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-debuginfo-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-425.13.1.el8_7.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-425.13.1.el8_7.ppc64le.rpm  
perf-debuginfo-4.18.0-425.13.1.el8_7.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-425.13.1.el8_7.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-debuginfo-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-425.13.1.el8_7.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-425.13.1.el8_7.x86_64.rpm  
perf-debuginfo-4.18.0-425.13.1.el8_7.x86_64.rpm  
python3-perf-debuginfo-4.18.0-425.13.1.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2873  
https://access.redhat.com/security/cve/CVE-2022-41222  
https://access.redhat.com/security/cve/CVE-2022-43945  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/S5A9zjgjWX9erEAQhBpA//VkylLhtaxlPm0/2zyTgGV7ZzCOtuW9q6  
b9NL6MWgVuxi6zPLs2hl/ICeMJUgRrfkrGnH2Zgbmz8IXMaZV0I3NGnqkChpTiZn  
xxjxTsT7pRRRoH+ABhVVkWUANpBX8TANOwsQ6Go1H+Oiq/QNUAko/VTHLvbSFnn3  
ZhfAcQj/nTmaGMKLm4yIgmRCoEjH1DuA7OLVM28A6/RbrWH4mdc8Z+PUxGcFLzb2  
2/UH2O/ofoK+CMJzeovM9eDb/TUheDJJO9Ina6bu/g244LeIowrbDT6utbzp2N5G  
xXxfpruNNhDj7JQYdm17JEQEILe9LfOc3l6m3qOVndFCWKMZTY8QKam7uwevOOpV  
h8vDG1rtX4nPGJ0uD4mPcecUC6RBsi/QRXK95nAs+tx9cVtHQu5k62fbZe/7uG62  
fXz69aRlQ1YrHgq2bsddvYGjBK2Wfwm2jZlhPtws08TlnjCJLwNbI1xl0r+vksa6  
f1H26FKD8bX51sKEa0adHuNIjO/OUc/f3MVTWNaffj+kKqWRvnJt3L8hjL2BttRo  
ZUXVqMPoz8xT0wkymVvmkLSH9fY9q+JTnozjmJST6TlRBw1fmJhJHhvn6nsY5ftG  
1vDJJP1giFevpZYRbeW5TW3/PoD057vWJrutyjBc5D82UWqVY44Kzeca7eyUaBlk  
fe0d+/U6+Is=/2vf  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#buffer_overflow