Red Hat Security Advisory 2023-1454-01 - An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift GitOps security update  
Advisory ID:       RHSA-2023:1454-01  
Product:           Red Hat OpenShift GitOps  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1454  
Issue date:        2023-03-23  
CVE Names:         CVE-2020-10735 CVE-2021-28861 CVE-2022-1471  
                   CVE-2022-4415 CVE-2022-34174 CVE-2022-40897  
                   CVE-2022-41354 CVE-2022-45061 CVE-2022-48303  
                   CVE-2023-23916  
====================================================================  
1. Summary:

An update is now available for Red Hat OpenShift GitOps 1.7.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Security Fix(es):

* ArgoCD: Authenticated but unauthorized users may enumerate Application  
names via the API (CVE-2022-41354)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2167820 - CVE-2022-41354 ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API

5. References:

https://access.redhat.com/security/cve/CVE-2020-10735  
https://access.redhat.com/security/cve/CVE-2021-28861  
https://access.redhat.com/security/cve/CVE-2022-1471  
https://access.redhat.com/security/cve/CVE-2022-4415  
https://access.redhat.com/security/cve/CVE-2022-34174  
https://access.redhat.com/security/cve/CVE-2022-40897  
https://access.redhat.com/security/cve/CVE-2022-41354  
https://access.redhat.com/security/cve/CVE-2022-45061  
https://access.redhat.com/security/cve/CVE-2022-48303  
https://access.redhat.com/security/cve/CVE-2023-23916  
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBzBVtzjgjWX9erEAQhzXA/9Eq6aEKRFZQk/k1rj2PJ2yNohxZKK0zkl  
5BLVG9bNjsHgOAq2yoOQkdGH9ZqfCh31V5VtBkPRtbVHwM03l2ixG+Nb2EDonn4W  
YMUwBx0+juQPjECzWPwIed8UDN1SbmEcZarsTFZQFkgxuV/OLx7lQcfdunSRMlNv  
hwhvGVjd0b/UWqbtFZV8zg85k4FGdH3Mdl2sEKAAP16QTYx1yWseOBrJalrFYYDg  
9K/9qVol2KXb34MRtre+l4ohxf/rfGzlaw0bvlxQFPUs6mkdKZT7u6nZgayk0wbn  
LVwdLmpA4zbbFGzncRZQ1rWKN0lg+rFODKydKhiy0CkG+sMVcvwgdwg9vShuTdUE  
86KWPcnZzcn3Gh8wJ+ae4GmtjenETv9p7wON8Z85A6cKhfYvKkZfJCquPuN8cIJG  
1f6b8Vdap0rA4nP/GV9KtbzwWDe16qIZTb7mOTtqT7iXgG27zr1ErjnceokntE2g  
Yjbcx/9IWA47TKAfpIDzA91QrhbRX2lEqnQdrfpYfeTx8VnozC48K0j5+fMgDFEp  
OEOnjG74VTLiYgVwPMr63roEToTgUwGkjav/Zl4/yNkUFn25RWSQk3r+z816aBvJ  
6x8CKCc9sjKdUU+1n/1kxC6btQpk2xM3YPoU54yos412kcikfmapGGePASpY5sdK  
8B7lgIl/xhM=Hcu1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1454-01

Red Hat Security Advisory 2023-1445-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:1445-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1445  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-25751 CVE-2023-25752 CVE-2023-28162  
                   CVE-2023-28164 CVE-2023-28176  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.9.0 ESR.

Security Fix(es):

* Mozilla: Incorrect code generation during JIT compilation  
(CVE-2023-25751)

* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9  
(CVE-2023-28176)

* Mozilla: Potential out-of-bounds when accessing throttled streams  
(CVE-2023-25752)

* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)

* Mozilla: URL being dragged from a removed cross-origin iframe into the  
same tab triggered navigation (CVE-2023-28164)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2178458 - CVE-2023-25751 Mozilla: Incorrect code generation during JIT compilation  
2178460 - CVE-2023-25752 Mozilla: Potential out-of-bounds when accessing throttled streams  
2178466 - CVE-2023-28162 Mozilla: Invalid downcast in Worklets  
2178470 - CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation  
2178472 - CVE-2023-28176 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
firefox-102.9.0-4.el8_2.src.rpm

aarch64:  
firefox-102.9.0-4.el8_2.aarch64.rpm  
firefox-debuginfo-102.9.0-4.el8_2.aarch64.rpm  
firefox-debugsource-102.9.0-4.el8_2.aarch64.rpm

ppc64le:  
firefox-102.9.0-4.el8_2.ppc64le.rpm  
firefox-debuginfo-102.9.0-4.el8_2.ppc64le.rpm  
firefox-debugsource-102.9.0-4.el8_2.ppc64le.rpm

s390x:  
firefox-102.9.0-4.el8_2.s390x.rpm  
firefox-debuginfo-102.9.0-4.el8_2.s390x.rpm  
firefox-debugsource-102.9.0-4.el8_2.s390x.rpm

x86_64:  
firefox-102.9.0-4.el8_2.x86_64.rpm  
firefox-debuginfo-102.9.0-4.el8_2.x86_64.rpm  
firefox-debugsource-102.9.0-4.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
firefox-102.9.0-4.el8_2.src.rpm

aarch64:  
firefox-102.9.0-4.el8_2.aarch64.rpm  
firefox-debuginfo-102.9.0-4.el8_2.aarch64.rpm  
firefox-debugsource-102.9.0-4.el8_2.aarch64.rpm

ppc64le:  
firefox-102.9.0-4.el8_2.ppc64le.rpm  
firefox-debuginfo-102.9.0-4.el8_2.ppc64le.rpm  
firefox-debugsource-102.9.0-4.el8_2.ppc64le.rpm

s390x:  
firefox-102.9.0-4.el8_2.s390x.rpm  
firefox-debuginfo-102.9.0-4.el8_2.s390x.rpm  
firefox-debugsource-102.9.0-4.el8_2.s390x.rpm

x86_64:  
firefox-102.9.0-4.el8_2.x86_64.rpm  
firefox-debuginfo-102.9.0-4.el8_2.x86_64.rpm  
firefox-debugsource-102.9.0-4.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
firefox-102.9.0-4.el8_2.src.rpm

aarch64:  
firefox-102.9.0-4.el8_2.aarch64.rpm  
firefox-debuginfo-102.9.0-4.el8_2.aarch64.rpm  
firefox-debugsource-102.9.0-4.el8_2.aarch64.rpm

ppc64le:  
firefox-102.9.0-4.el8_2.ppc64le.rpm  
firefox-debuginfo-102.9.0-4.el8_2.ppc64le.rpm  
firefox-debugsource-102.9.0-4.el8_2.ppc64le.rpm

s390x:  
firefox-102.9.0-4.el8_2.s390x.rpm  
firefox-debuginfo-102.9.0-4.el8_2.s390x.rpm  
firefox-debugsource-102.9.0-4.el8_2.s390x.rpm

x86_64:  
firefox-102.9.0-4.el8_2.x86_64.rpm  
firefox-debuginfo-102.9.0-4.el8_2.x86_64.rpm  
firefox-debugsource-102.9.0-4.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25751  
https://access.redhat.com/security/cve/CVE-2023-25752  
https://access.redhat.com/security/cve/CVE-2023-28162  
https://access.redhat.com/security/cve/CVE-2023-28164  
https://access.redhat.com/security/cve/CVE-2023-28176  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7dzjgjWX9erEAQixHg//RWiaOesinr2/sJLEG5HsiPRSNlVGLKDs  
Vz4jRqnM+E1ssJ81zR9IAacb2tRFroYIWfJzCfy3N+gnyJ6MZa8fXmf9P955tNNm  
zTWvRp3pqm6pDDS5wuL/26lMEQu+UwCOIWV7av3QfLTNoNhmUXvQNlcgy5Aamq9m  
WSLdIxNEA+cmeEHuxfaG8vj6lXPH7WtuZ06dB1YP+x8d09HbWrIgSPjVstefEN1A  
vDNrFeYfDeFM/lI6PM50M837fAuUYmcndp5NOn0f3qWtVcCRRFFDED/tPgtjQfN9  
g5Ot+d39s7RILw999HHFg9kNZowjxvs+u/YQJogcUVJd0jZ3hW1Bg6pGwLYs2sBq  
vp4HXNT+xYkXzvDgcO94Sj/lU8jLPJjbUkmISLNjxHdqYDKSza5yrTTucvB/+ZmG  
TeSiyNhy4+XireUkz2IO6n16ZrtbK0KrHERPvSeTXQZ8x5OpScfUvcPLrLe8/AbL  
Tazrl1LJskPWYqLaEQH1M9zhSnAQgUcrva3pIJFIwDZDz3Hzwhur/3o3knVhGWyG  
shNGxJW27BowQrfT2rTJc3RkHCjSHL2QgB5ZHmpZl9p6wxTLlUN8sgP3eTg41zzd  
iPZgpyWgjzOyzTFXB8MCdGzIMDgltpAkNN4e6jRGXTS4QDCzpl4sFW8GM44hiUDp  
v1BFUoMfblo=s9X6  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1445-01

Red Hat Security Advisory 2023-1444-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:1444-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1444  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-25751 CVE-2023-25752 CVE-2023-28162  
                   CVE-2023-28164 CVE-2023-28176  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.9.0 ESR.

Security Fix(es):

* Mozilla: Incorrect code generation during JIT compilation  
(CVE-2023-25751)

* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9  
(CVE-2023-28176)

* Mozilla: Potential out-of-bounds when accessing throttled streams  
(CVE-2023-25752)

* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)

* Mozilla: URL being dragged from a removed cross-origin iframe into the  
same tab triggered navigation (CVE-2023-28164)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2178458 - CVE-2023-25751 Mozilla: Incorrect code generation during JIT compilation  
2178460 - CVE-2023-25752 Mozilla: Potential out-of-bounds when accessing throttled streams  
2178466 - CVE-2023-28162 Mozilla: Invalid downcast in Worklets  
2178470 - CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation  
2178472 - CVE-2023-28176 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
firefox-102.9.0-4.el8_4.src.rpm

aarch64:  
firefox-102.9.0-4.el8_4.aarch64.rpm  
firefox-debuginfo-102.9.0-4.el8_4.aarch64.rpm  
firefox-debugsource-102.9.0-4.el8_4.aarch64.rpm

ppc64le:  
firefox-102.9.0-4.el8_4.ppc64le.rpm  
firefox-debuginfo-102.9.0-4.el8_4.ppc64le.rpm  
firefox-debugsource-102.9.0-4.el8_4.ppc64le.rpm

s390x:  
firefox-102.9.0-4.el8_4.s390x.rpm  
firefox-debuginfo-102.9.0-4.el8_4.s390x.rpm  
firefox-debugsource-102.9.0-4.el8_4.s390x.rpm

x86_64:  
firefox-102.9.0-4.el8_4.x86_64.rpm  
firefox-debuginfo-102.9.0-4.el8_4.x86_64.rpm  
firefox-debugsource-102.9.0-4.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25751  
https://access.redhat.com/security/cve/CVE-2023-25752  
https://access.redhat.com/security/cve/CVE-2023-28162  
https://access.redhat.com/security/cve/CVE-2023-28164  
https://access.redhat.com/security/cve/CVE-2023-28176  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7dzjgjWX9erEAQjFAw/+POMLis7JDkGsJrJysMHCnABjVMQOFj2o  
eTv2yQG5FekOOXpbeoR9hNWZmI3EKQ6weJtRSKqcPZHC5vBpoTLAPr1gJ8r6eR6f  
msbEAczb9Qx2b5f6b95bvnWrrdVDOV+hso1QTJZhSSXWtcdiHgX3RnyUx3kvqcCx  
v9aib86RhZBKBt6IsXpNOFjKzR9tGXghHgN6tUrvc1h894GmcC4yjZj5jAcwzyQS  
gOytV4CjzZnfUaU0J2mOs5KW+nt0zmhMC9U/hHBeS5WWGfO4w+psk79GoZi0MBzQ  
DWehVqtblQWO/4eYRnAm2kfKlV9wKoRAXnZfSKfLE2we+R5csIxFNXCSjhXf94c5  
cvNZiLisQj3qDlo0tEZZSNUYV+CUs5Ay2W2ultkBVTqkWcJSwygW+9Ff0SCxTZUA  
1nciKqoCCdc7sh5cy7lyR7S73gDWp1iPpg+1zrEpsrSIQ8pKSmeoXFyKO/ALiEai  
qlCkpjM91uUipDDFuvSC6EyQPmwYzyo3BfPe33pK+eIhDxNnTx8J7aVgH/dfvY7U  
OHkHWWZfzM68zGhFa1ddA2HwghNGVn//g+xrG9U1QJzf83hcLkC6NxIfmkfJODom  
yRgo93DpoCuOtPYp2I8oCEyncmB0D3YOWDzn+k5+BQH7V5dAeHMRiiELjs14Tnqo  
50sdrHMYz/g£8J  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1444-01

Red Hat Security Advisory 2023-1437-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openssl security update  
Advisory ID:       RHSA-2023:1437-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1437  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-0286  
====================================================================  
1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and  
Transport Layer Security (TLS) protocols, as well as a full-strength  
general-purpose cryptography library.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library  
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
openssl-1.1.1c-6.el8_1.src.rpm

aarch64:  
openssl-1.1.1c-6.el8_1.aarch64.rpm  
openssl-debuginfo-1.1.1c-6.el8_1.aarch64.rpm  
openssl-debugsource-1.1.1c-6.el8_1.aarch64.rpm  
openssl-devel-1.1.1c-6.el8_1.aarch64.rpm  
openssl-libs-1.1.1c-6.el8_1.aarch64.rpm  
openssl-libs-debuginfo-1.1.1c-6.el8_1.aarch64.rpm  
openssl-perl-1.1.1c-6.el8_1.aarch64.rpm

ppc64le:  
openssl-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-debuginfo-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-debugsource-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-devel-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-libs-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-perl-1.1.1c-6.el8_1.ppc64le.rpm

s390x:  
openssl-1.1.1c-6.el8_1.s390x.rpm  
openssl-debuginfo-1.1.1c-6.el8_1.s390x.rpm  
openssl-debugsource-1.1.1c-6.el8_1.s390x.rpm  
openssl-devel-1.1.1c-6.el8_1.s390x.rpm  
openssl-libs-1.1.1c-6.el8_1.s390x.rpm  
openssl-libs-debuginfo-1.1.1c-6.el8_1.s390x.rpm  
openssl-perl-1.1.1c-6.el8_1.s390x.rpm

x86_64:  
openssl-1.1.1c-6.el8_1.x86_64.rpm  
openssl-debuginfo-1.1.1c-6.el8_1.i686.rpm  
openssl-debuginfo-1.1.1c-6.el8_1.x86_64.rpm  
openssl-debugsource-1.1.1c-6.el8_1.i686.rpm  
openssl-debugsource-1.1.1c-6.el8_1.x86_64.rpm  
openssl-devel-1.1.1c-6.el8_1.i686.rpm  
openssl-devel-1.1.1c-6.el8_1.x86_64.rpm  
openssl-libs-1.1.1c-6.el8_1.i686.rpm  
openssl-libs-1.1.1c-6.el8_1.x86_64.rpm  
openssl-libs-debuginfo-1.1.1c-6.el8_1.i686.rpm  
openssl-libs-debuginfo-1.1.1c-6.el8_1.x86_64.rpm  
openssl-perl-1.1.1c-6.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7dzjgjWX9erEAQj2fBAAonoENVQK1z0o1faaI5kJcpcjudplrNTx  
CWn5Q1bA7ZOU+8F4kocdGWUHfF7IIFHmcV/bfkz0pyOEx14pHdi4gbfp7DHMg+vh  
TnJBtCqCJVGWmoDu4qUzm81w96lSgRTFweoMdk8DZL8GBfPF7ZW4q46A8oBCxkXC  
jQ1gAhHZEfeDKCSsQ+JJvtjSZdAKCf3iDimy6FMFHDLg9hqXns+UXZ+7mJD3UpLP  
gqfzM8a1+YonxtC1piovlY7KaWV7EpgufVCzILjwXiLeKivfUo4SGDdw+fsv5rzr  
ex1qOKg9mucu3nq5eoZaOomtrvhFW9P8igS1aZVWNcdhv/nbYBkhUZ04U9wwnOru  
t5936OJzyl5gQxKTA3RCX45z4qs6TUE07DB4LYSrmXj1yQXZcwahJIB5/N63ttbn  
pqt04m9xLybFsn2+8TCOiBwfZUkrKsoepjBVrqcC05yfL41fsoZao7ZwLSiptByZ  
UO5Xy4wUQjOIRCqUkquE2GidOhVdIvQhrjOj2tsaW3vHSXsYLICBxru5fOTKsNdz  
fKdIDy0S62gU2QQeSWBukCIZTnWw7sfxWZJ1p4M//JgbA5njA59iBTv+zNSQ93pr  
I/GPiwNZInjgIWFPaUkrvn0O5VejKPb+i6Mz5ACd8GJPWOFxjxDCbnarqAlaMi7D  
s7TQu68jDN4ÏEA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1437-01

Red Hat Security Advisory 2023-1439-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openssl security update  
Advisory ID:       RHSA-2023:1439-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1439  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-0286  
====================================================================  
1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and  
Transport Layer Security (TLS) protocols, as well as a full-strength  
general-purpose cryptography library.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library  
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName

6. Package List:

Red Hat Enterprise Linux BaseOS AUS (v. 8.2):

Source:  
openssl-1.1.1c-21.el8_2.src.rpm

aarch64:  
openssl-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.aarch64.rpm  
openssl-devel-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-perl-1.1.1c-21.el8_2.aarch64.rpm

ppc64le:  
openssl-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debugsource-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-devel-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-perl-1.1.1c-21.el8_2.ppc64le.rpm

s390x:  
openssl-1.1.1c-21.el8_2.s390x.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-debugsource-1.1.1c-21.el8_2.s390x.rpm  
openssl-devel-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-perl-1.1.1c-21.el8_2.s390x.rpm

x86_64:  
openssl-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.i686.rpm  
openssl-debugsource-1.1.1c-21.el8_2.x86_64.rpm  
openssl-devel-1.1.1c-21.el8_2.i686.rpm  
openssl-devel-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-perl-1.1.1c-21.el8_2.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.2):

Source:  
openssl-1.1.1c-21.el8_2.src.rpm

aarch64:  
openssl-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.aarch64.rpm  
openssl-devel-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-perl-1.1.1c-21.el8_2.aarch64.rpm

ppc64le:  
openssl-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debugsource-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-devel-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-perl-1.1.1c-21.el8_2.ppc64le.rpm

s390x:  
openssl-1.1.1c-21.el8_2.s390x.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-debugsource-1.1.1c-21.el8_2.s390x.rpm  
openssl-devel-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-perl-1.1.1c-21.el8_2.s390x.rpm

x86_64:  
openssl-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.i686.rpm  
openssl-debugsource-1.1.1c-21.el8_2.x86_64.rpm  
openssl-devel-1.1.1c-21.el8_2.i686.rpm  
openssl-devel-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-perl-1.1.1c-21.el8_2.x86_64.rpm

Red Hat Enterprise Linux BaseOS TUS (v. 8.2):

Source:  
openssl-1.1.1c-21.el8_2.src.rpm

aarch64:  
openssl-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.aarch64.rpm  
openssl-devel-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-perl-1.1.1c-21.el8_2.aarch64.rpm

ppc64le:  
openssl-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debugsource-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-devel-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-perl-1.1.1c-21.el8_2.ppc64le.rpm

s390x:  
openssl-1.1.1c-21.el8_2.s390x.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-debugsource-1.1.1c-21.el8_2.s390x.rpm  
openssl-devel-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-perl-1.1.1c-21.el8_2.s390x.rpm

x86_64:  
openssl-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.i686.rpm  
openssl-debugsource-1.1.1c-21.el8_2.x86_64.rpm  
openssl-devel-1.1.1c-21.el8_2.i686.rpm  
openssl-devel-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-perl-1.1.1c-21.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7NzjgjWX9erEAQh6gw//WJqLt9YyobqWOBG/NpiC73QzLQWHbVIh  
QPwDMXRYgHGUynZzutvtJsO2wAuWlplIdvKkHQRqYBFLJBVjZMz1PzgFm5EWZiY9  
4VNXNiP95rAU/IyhBqJKiHMtIfqmQPhO9DD/BKafUjc54umAowSBmZyHL5LnCtka  
XApVLo035R1mwUNWQsc0pOULWRDNKoYjZE7QR9ioUkQKSNC9zBgUXnS08uPh7BHD  
HjxsugjqH/3HNaLzF+56oKmFsZpbw9ZSnOfoM8pqBl1+A7twToR/8VvEKfvfhbid  
v+PaAH7SQcavJq7ot9p9dpNvfd161QXtK9tQXmbNC/WLSY3pYy4ju7GdDfedeS45  
63tDSkN1TVTiZnYJ4DcvEovWKfERLfw0ejdn0vQwAEHYEVlqFGsGMDFsHw3QTMGN  
hF8ynU/OB+pXOe2/V0PTvXix1c9NemE3jejQH/+I54TJTv0MWtSpq9jVTwGiqEFl  
oNoO4TQqPWHhOhfPYy7Kwom200ND6PKsiHdfSNlpB7SWbWXsvscY6Bn9JN8E9rff  
ubQcuoFR/9i8t9hoj2mPr/vcAqc5l/g75KwhHZD870gwuf7BgzOWQdmGlmA8KKRx  
9qmiwEZxPbQ0GL4hFX3H5LKntkt8w6DlhCXQzlM7cWZHI7M5jj7mxjlYJ4EDRC5C  
NZEzG8SUmpA=Knf2  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1439-01

Red Hat Security Advisory 2023-1441-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openssl security update  
Advisory ID:       RHSA-2023:1441-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1441  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-0286  
====================================================================  
1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and  
Transport Layer Security (TLS) protocols, as well as a full-strength  
general-purpose cryptography library.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library  
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
openssl-1.1.1k-8.el8_6.src.rpm

aarch64:  
openssl-1.1.1k-8.el8_6.aarch64.rpm  
openssl-debuginfo-1.1.1k-8.el8_6.aarch64.rpm  
openssl-debugsource-1.1.1k-8.el8_6.aarch64.rpm  
openssl-devel-1.1.1k-8.el8_6.aarch64.rpm  
openssl-libs-1.1.1k-8.el8_6.aarch64.rpm  
openssl-libs-debuginfo-1.1.1k-8.el8_6.aarch64.rpm  
openssl-perl-1.1.1k-8.el8_6.aarch64.rpm

ppc64le:  
openssl-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-debuginfo-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-debugsource-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-devel-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-libs-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-perl-1.1.1k-8.el8_6.ppc64le.rpm

s390x:  
openssl-1.1.1k-8.el8_6.s390x.rpm  
openssl-debuginfo-1.1.1k-8.el8_6.s390x.rpm  
openssl-debugsource-1.1.1k-8.el8_6.s390x.rpm  
openssl-devel-1.1.1k-8.el8_6.s390x.rpm  
openssl-libs-1.1.1k-8.el8_6.s390x.rpm  
openssl-libs-debuginfo-1.1.1k-8.el8_6.s390x.rpm  
openssl-perl-1.1.1k-8.el8_6.s390x.rpm

x86_64:  
openssl-1.1.1k-8.el8_6.x86_64.rpm  
openssl-debuginfo-1.1.1k-8.el8_6.i686.rpm  
openssl-debuginfo-1.1.1k-8.el8_6.x86_64.rpm  
openssl-debugsource-1.1.1k-8.el8_6.i686.rpm  
openssl-debugsource-1.1.1k-8.el8_6.x86_64.rpm  
openssl-devel-1.1.1k-8.el8_6.i686.rpm  
openssl-devel-1.1.1k-8.el8_6.x86_64.rpm  
openssl-libs-1.1.1k-8.el8_6.i686.rpm  
openssl-libs-1.1.1k-8.el8_6.x86_64.rpm  
openssl-libs-debuginfo-1.1.1k-8.el8_6.i686.rpm  
openssl-libs-debuginfo-1.1.1k-8.el8_6.x86_64.rpm  
openssl-perl-1.1.1k-8.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7NzjgjWX9erEAQjEGRAAk+B4NZVXOw/6ESexdRQa3UoAJBzJ6KaY  
IUjQ45hsLjQQd6bYj79D4V6onHaCUZwxD5KPzAL8rz29gfUJbN5dAef4F1Zq+k3Y  
5dutPiVFLZ5C5wuX2cPgKp6GOsShlwWR/D3pjO67L+oeQEoYJ1K9nhqc5Pg/2dbJ  
5mPejApHZ5iw6V3XQq8s9hHmkRB+dF7jKzRFjttBk3Enec5Y93krT90L0oKkarcd  
Q6oNqtcQBnMK2994D9LdKri9uYBZ+PTpgchfGxsIaceeJwGaslNxyNAbsk5bywHC  
3F7ajsM/VkbpEPYqonjX4Ww+SjR4qnfBAhSJDn88GP29I0htmNlsk8zRpwbKpdxn  
J2CbdgHASLoKMa6+o3tpkSQgwgTjoL4Z9yQvCTW1O6Q+21lKEfwCIqoh70BzINy3  
fN13qgUocmC2H7DT/cM1yxG849qUt0QCN0Y6UmIZytzdfTPib5ZR0PK7z8NEPih8  
cFr2uIGKa2UvisJ8wtSQ3KiIWjy+cU7zbPJAh6QDch82wLPrBTy7koyB+9qbZ408  
Whff+suKBHWxNXLwjnS2N6U7uodZry0cCTlusoi8VrLLkg64LY4++VQZfofUmjqz  
WSFFcRGdZNbCi9XFWCJWZ+suiNiuRyKhzM7y8GlAyCdHb1uzk7g4fKIiUkd0tthT  
FS5/PuRmzNI=pQbM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1441-01

Red Hat Security Advisory 2023-1438-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openssl security update  
Advisory ID:       RHSA-2023:1438-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1438  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-0286  
====================================================================  
1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6  
Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6 ELS) - i386, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 6 ELS) - i386, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and  
Transport Layer Security (TLS) protocols, as well as a full-strength  
general-purpose cryptography library.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library  
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName

6. Package List:

Red Hat Enterprise Linux Server (v. 6 ELS):

Source:  
openssl-1.0.1e-61.el6_10.src.rpm

i386:  
openssl-1.0.1e-61.el6_10.i686.rpm  
openssl-debuginfo-1.0.1e-61.el6_10.i686.rpm  
openssl-devel-1.0.1e-61.el6_10.i686.rpm

s390x:  
openssl-1.0.1e-61.el6_10.s390.rpm  
openssl-1.0.1e-61.el6_10.s390x.rpm  
openssl-debuginfo-1.0.1e-61.el6_10.s390.rpm  
openssl-debuginfo-1.0.1e-61.el6_10.s390x.rpm  
openssl-devel-1.0.1e-61.el6_10.s390.rpm  
openssl-devel-1.0.1e-61.el6_10.s390x.rpm

x86_64:  
openssl-1.0.1e-61.el6_10.i686.rpm  
openssl-1.0.1e-61.el6_10.x86_64.rpm  
openssl-debuginfo-1.0.1e-61.el6_10.i686.rpm  
openssl-debuginfo-1.0.1e-61.el6_10.x86_64.rpm  
openssl-devel-1.0.1e-61.el6_10.i686.rpm  
openssl-devel-1.0.1e-61.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6 ELS):

i386:  
openssl-debuginfo-1.0.1e-61.el6_10.i686.rpm  
openssl-perl-1.0.1e-61.el6_10.i686.rpm  
openssl-static-1.0.1e-61.el6_10.i686.rpm

s390x:  
openssl-debuginfo-1.0.1e-61.el6_10.s390x.rpm  
openssl-perl-1.0.1e-61.el6_10.s390x.rpm  
openssl-static-1.0.1e-61.el6_10.s390x.rpm

x86_64:  
openssl-debuginfo-1.0.1e-61.el6_10.x86_64.rpm  
openssl-perl-1.0.1e-61.el6_10.x86_64.rpm  
openssl-static-1.0.1e-61.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7NzjgjWX9erEAQjEng/9H4eD9JfHPrMo7I2nNn5BmFSsAkVKGJmH  
S+UwS28apMed5VKlk+kZuBlJh3q6FhE2TlEU+bQ2FjJCFi77UWzlI4upEvjbq//1  
p+U+3/mW1safS9tGkWzQ412ZyEJFwmiO5LwBdzTg8MFwt1DnE3Dqhx+DD5DY19hN  
+v8tOPVDKG7WthUB0bnzI38GKAo6xCNwHXAH/22SRgBMbxMp6PY9NoiXpNt8YON3  
YFIW16qvTpjfWtKvalhmg97icKyxEh/hOXThHgaLT8m39NfiMrb0uNYMOsPuYos8  
/uXuQXSlGCfKSAf6wz1KMa94fg9p1GXuW2dLM+hgjENcIKGFiB6Wqp6LrrIezT1j  
0v4XRtcTp6Qhq2YR+053EI1VBZa7Uj0icWiN8o0efgOezX7LdyucRMa7jWkPac72  
ewpf59CSsUuvuh8+DJhZAr1bnK1LDiP9WwAmL6KC7pe+/hGGHuPNxmA3bB2pNRXu  
k9CAuxTtpEGqM8NpvvtnixNJ/vhvJ1r7jQErwVDLSBNlYEtEDxPk7TsDxdhlA2Tf  
o6aZi4yMFDdJSrktR96t+xthkgjkHicMn3wt+XSFzXAWNf0+nBR6Jm8PxD19eApB  
DDI0U0Alkd1mG9EehN/gDegTorACR+lJccdgc0O+j37rtMNuxGT9LpiwWJj5xn7i  
dKBbvGOB2ok=W1uu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1438-01

Red Hat Security Advisory 2023-1406-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: nss security update  
Advisory ID:       RHSA-2023:1406-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1406  
Issue date:        2023-03-22  
CVE Names:         CVE-2023-0767  
====================================================================  
1. Summary:

An update for nss is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support  
the cross-platform development of security-enabled client and server  
applications.

Security Fix(es):

* nss: Arbitrary memory write via PKCS 12 (CVE-2023-0767)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS (for example, Firefox)  
must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2170377 - CVE-2023-0767 nss: Arbitrary memory write via PKCS 12

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
nss-3.53.1-13.el8_2.src.rpm

aarch64:  
nss-3.53.1-13.el8_2.aarch64.rpm  
nss-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-debugsource-3.53.1-13.el8_2.aarch64.rpm  
nss-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-sysinit-3.53.1-13.el8_2.aarch64.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-tools-3.53.1-13.el8_2.aarch64.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-util-3.53.1-13.el8_2.aarch64.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-util-devel-3.53.1-13.el8_2.aarch64.rpm

ppc64le:  
nss-3.53.1-13.el8_2.ppc64le.rpm  
nss-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-debugsource-3.53.1-13.el8_2.ppc64le.rpm  
nss-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-sysinit-3.53.1-13.el8_2.ppc64le.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-tools-3.53.1-13.el8_2.ppc64le.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-devel-3.53.1-13.el8_2.ppc64le.rpm

s390x:  
nss-3.53.1-13.el8_2.s390x.rpm  
nss-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-debugsource-3.53.1-13.el8_2.s390x.rpm  
nss-devel-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-devel-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.s390x.rpm  
nss-sysinit-3.53.1-13.el8_2.s390x.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-tools-3.53.1-13.el8_2.s390x.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-util-3.53.1-13.el8_2.s390x.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-util-devel-3.53.1-13.el8_2.s390x.rpm

x86_64:  
nss-3.53.1-13.el8_2.i686.rpm  
nss-3.53.1-13.el8_2.x86_64.rpm  
nss-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-debugsource-3.53.1-13.el8_2.i686.rpm  
nss-debugsource-3.53.1-13.el8_2.x86_64.rpm  
nss-devel-3.53.1-13.el8_2.i686.rpm  
nss-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-3.53.1-13.el8_2.i686.rpm  
nss-softokn-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-devel-3.53.1-13.el8_2.i686.rpm  
nss-softokn-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-sysinit-3.53.1-13.el8_2.x86_64.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-tools-3.53.1-13.el8_2.x86_64.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-util-3.53.1-13.el8_2.i686.rpm  
nss-util-3.53.1-13.el8_2.x86_64.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-util-devel-3.53.1-13.el8_2.i686.rpm  
nss-util-devel-3.53.1-13.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
nss-3.53.1-13.el8_2.src.rpm

aarch64:  
nss-3.53.1-13.el8_2.aarch64.rpm  
nss-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-debugsource-3.53.1-13.el8_2.aarch64.rpm  
nss-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-sysinit-3.53.1-13.el8_2.aarch64.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-tools-3.53.1-13.el8_2.aarch64.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-util-3.53.1-13.el8_2.aarch64.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-util-devel-3.53.1-13.el8_2.aarch64.rpm

ppc64le:  
nss-3.53.1-13.el8_2.ppc64le.rpm  
nss-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-debugsource-3.53.1-13.el8_2.ppc64le.rpm  
nss-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-sysinit-3.53.1-13.el8_2.ppc64le.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-tools-3.53.1-13.el8_2.ppc64le.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-devel-3.53.1-13.el8_2.ppc64le.rpm

s390x:  
nss-3.53.1-13.el8_2.s390x.rpm  
nss-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-debugsource-3.53.1-13.el8_2.s390x.rpm  
nss-devel-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-devel-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.s390x.rpm  
nss-sysinit-3.53.1-13.el8_2.s390x.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-tools-3.53.1-13.el8_2.s390x.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-util-3.53.1-13.el8_2.s390x.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-util-devel-3.53.1-13.el8_2.s390x.rpm

x86_64:  
nss-3.53.1-13.el8_2.i686.rpm  
nss-3.53.1-13.el8_2.x86_64.rpm  
nss-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-debugsource-3.53.1-13.el8_2.i686.rpm  
nss-debugsource-3.53.1-13.el8_2.x86_64.rpm  
nss-devel-3.53.1-13.el8_2.i686.rpm  
nss-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-3.53.1-13.el8_2.i686.rpm  
nss-softokn-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-devel-3.53.1-13.el8_2.i686.rpm  
nss-softokn-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-sysinit-3.53.1-13.el8_2.x86_64.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-tools-3.53.1-13.el8_2.x86_64.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-util-3.53.1-13.el8_2.i686.rpm  
nss-util-3.53.1-13.el8_2.x86_64.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-util-devel-3.53.1-13.el8_2.i686.rpm  
nss-util-devel-3.53.1-13.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
nss-3.53.1-13.el8_2.src.rpm

aarch64:  
nss-3.53.1-13.el8_2.aarch64.rpm  
nss-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-debugsource-3.53.1-13.el8_2.aarch64.rpm  
nss-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.aarch64.rpm  
nss-sysinit-3.53.1-13.el8_2.aarch64.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-tools-3.53.1-13.el8_2.aarch64.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-util-3.53.1-13.el8_2.aarch64.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.aarch64.rpm  
nss-util-devel-3.53.1-13.el8_2.aarch64.rpm

ppc64le:  
nss-3.53.1-13.el8_2.ppc64le.rpm  
nss-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-debugsource-3.53.1-13.el8_2.ppc64le.rpm  
nss-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.ppc64le.rpm  
nss-sysinit-3.53.1-13.el8_2.ppc64le.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-tools-3.53.1-13.el8_2.ppc64le.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.ppc64le.rpm  
nss-util-devel-3.53.1-13.el8_2.ppc64le.rpm

s390x:  
nss-3.53.1-13.el8_2.s390x.rpm  
nss-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-debugsource-3.53.1-13.el8_2.s390x.rpm  
nss-devel-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-devel-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.s390x.rpm  
nss-sysinit-3.53.1-13.el8_2.s390x.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-tools-3.53.1-13.el8_2.s390x.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-util-3.53.1-13.el8_2.s390x.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.s390x.rpm  
nss-util-devel-3.53.1-13.el8_2.s390x.rpm

x86_64:  
nss-3.53.1-13.el8_2.i686.rpm  
nss-3.53.1-13.el8_2.x86_64.rpm  
nss-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-debugsource-3.53.1-13.el8_2.i686.rpm  
nss-debugsource-3.53.1-13.el8_2.x86_64.rpm  
nss-devel-3.53.1-13.el8_2.i686.rpm  
nss-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-3.53.1-13.el8_2.i686.rpm  
nss-softokn-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-softokn-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-devel-3.53.1-13.el8_2.i686.rpm  
nss-softokn-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.i686.rpm  
nss-softokn-freebl-devel-3.53.1-13.el8_2.x86_64.rpm  
nss-sysinit-3.53.1-13.el8_2.x86_64.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-sysinit-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-tools-3.53.1-13.el8_2.x86_64.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-tools-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-util-3.53.1-13.el8_2.i686.rpm  
nss-util-3.53.1-13.el8_2.x86_64.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.i686.rpm  
nss-util-debuginfo-3.53.1-13.el8_2.x86_64.rpm  
nss-util-devel-3.53.1-13.el8_2.i686.rpm  
nss-util-devel-3.53.1-13.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0767  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxe+dzjgjWX9erEAQgVwA/+IBlJG0b42blekqQi5m59kTCOI8Dx9QgV  
4ZBgPpOtwfMi2jmwG754CT9TqX3AL54vWPI7AravL4uPRPl4iYKDtYxQkCfT8kS9  
9UONxRafYT41m85WWmVz6lNwB+CepaxLoGa5kkmoS3i5/k5vMiTKS64k2u1dwP7a  
IByruQA1AnB1y64SF12dRNyZtZdLNXR1KbEjky+ZyhIrsoaUF7O22jGyOE96KodS  
76Fefaq1AYHA0heg3nvZeSpT2md9lJVveinFQ2NQoot6GPPyfFhFFyvocrZeqoko  
6f0idf4QJrigftvPIv8B/rNkZVQM9ILNL3jVFrRx8Q+BcJ0WZdioqFoivt4/Y/W3  
lqwIa69X0JKQfajsp/NpCOawwavYxFJgL2jnLQBZ09J6jBhgkjoTZx051Tad02m6  
8Pe7HVP+0NXCPGUtSaR5kPdeGzS6VjwBRHpa1WX8xISbYfe9G/SyB8c/E1lSjITP  
dwwGs+foTED+xRZV16bWlHgcL2GTzFaoSYL4bi8l0pn0pDNVBzK6m+C9U9uh1ENz  
BaG6v6K6KpJ/zWXFolNczEyAi1NgcxOD16yK3Hl6IjkQAQBqH5bTOIpLUtvyfmk5  
3VZokf1RVzByjYenvmsUlqciJPC6dOFoozy3UUFCRiXKuVeWrtx48dx5enVpYmxH  
whMZIzQsfKE=UL8Q  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1406-01

Cross Site Scripting vulnerabilty found in IXPManager v.5.6.0 allows attackers to excute arbitrary code via the looking glass component.

This release primarily fixes a XSS security issue in IXP Manager. It also has a small number of bug fixes and improvements. All IX's running < v5.7.0 are advised to upgrade. This release has a minor version bump as there are two small database schema changes.

Summary:

    git --no-pager diff --shortstat --no-merges v5.6.0 v5.7.0
     152 files changed, 13874 insertions(+), 8307 deletions(-)
    

**Upgrade Instructions**

Please follow the official upgrade documentation without skipping any steps.

There are no additional release specific steps required.

**Security Fix**

This release includes a fix for a XSS security bug in the looking glass feature.

The bug allows a potential attacker to provide an IXP Manager user or administrator a crafted URL which would result in the execution of supplied JavaScript within the user's browser.

If you are running IXP Manager with the looking glass feature enabled, **you are advised to upgrade**. If you wish to delay the upgrade and mitigate the risk in the mean time then you could:

1.  set the looking glass access privileges to _SUPERUSER_ in each of your router configurations;
2.  advise your _SUPERADMINS_ to examine any externally provided IXP Manager URL for the presence of potential XSS code.

Credit to Bart Vrancken (AbuseIO CERT) for responsibly disclosing this issue.

**Small Features and Improvements**

*   New Artisan command to reindex switch ports' ifIndex based on ifName. This is useful when a port's ifIndex changes in a switch operating system update. See this documentation for more information.
    *   And suplemantal to this, we can now also exclude a switch from polling (via 00ccf4d).
*   **IX-F Member Export:** improvements include: (7286616)
    *   Provides a more user friendly error message if the schema-required IX-F IXP ID is not set.
    *   Allows the poller to provide an IX-F ID per infrastructure if one is not set via the parameter: &ixfid_1=xx&ixfid_2=yy.
    *   Allows the poller to ignore the missing IX-F ID and set it to zero via the parameter: ?ignore_missing_ixfid=1.
    *   Tag IXP Manager as the generator of the IX-F JSON document (4185fe6)
*   Better member logo layouts (c10c712) and option to add a background colour to check transparency (8a0ce56)

**Bug Fixes**

*   Can not update IRRDB if only IPv6 is configured. #662
*   Insufficient permissions error downloading crossconnect documents #663
*   VLAN Tagging should be warned/enforced when >2 vlan interfaces exist #667
*   ASN max length too short in IRRDB database due to the 32-bit ASN integer representation in database being signed - fixes #664
*   Admin _log on as this user_ updates last login date when it shouldn't - fixes #652
*   Rack field in patch panel port verification page is blank (f95a893)
*   Off by one couting issue for admin dashboard - ports by location (4a10448)

CVE-2020-24857: Release Security Fix, Small Bug Fixes and Minor Improvements / Features · inex/IXP-Manager

A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected.

Tag

#js