There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).

Self-registration is disabled due to spam issue (mail gorcunov@gmail.com or hpa@zytor.com to create an account)

**Bug 3392857** \- Heap-Buffer-Overflow in NASM( asm/preproc.c:6863 in expand\_mmacro)

Summary: Heap-Buffer-Overflow in NASM( asm/preproc.c:6863 in expand\_mmacro)

Status:

OPEN

Alias:

None

Product:

NASM

Classification:

Unclassified

Component:

Assembler (show other bugs)

Version:

2.16.xx

Hardware:

All Linux

Importance:

Medium normal

Assignee:

nobody

URL:

Depends on:

Blocks:

Reported:

2023-04-10 23:10 PDT by Daisy Chen

Modified:

2023-04-11 03:51 PDT (History)

CC List:

5 users (show)

Obtained from:

Build from source archive using configure

  

Attachments

**poc file to reproduce the problem** (1.57 KB, text/plain)  
2023-04-10 23:10 PDT, Daisy Chen

Details

**a new poc file that can run nasm without asan and we can analyze it with GDB** (2.92 KB, text/plain)  
2023-04-11 03:51 PDT, Daisy Chen

Details

Add an attachment (proposed patch, testcase, etc.)

  

Note You need to log in before you can comment on or make changes to this bug.

CVE-2023-31722: 3392857 – Heap-Buffer-Overflow in NASM( asm/preproc.c:6863 in expand_mmacro)

Red Hat Security Advisory 2023-3141-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:3141-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3141  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.11.0 ESR.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
firefox-102.11.0-2.el8_6.src.rpm

aarch64:  
firefox-102.11.0-2.el8_6.aarch64.rpm  
firefox-debuginfo-102.11.0-2.el8_6.aarch64.rpm  
firefox-debugsource-102.11.0-2.el8_6.aarch64.rpm

ppc64le:  
firefox-102.11.0-2.el8_6.ppc64le.rpm  
firefox-debuginfo-102.11.0-2.el8_6.ppc64le.rpm  
firefox-debugsource-102.11.0-2.el8_6.ppc64le.rpm

s390x:  
firefox-102.11.0-2.el8_6.s390x.rpm  
firefox-debuginfo-102.11.0-2.el8_6.s390x.rpm  
firefox-debugsource-102.11.0-2.el8_6.s390x.rpm

x86_64:  
firefox-102.11.0-2.el8_6.x86_64.rpm  
firefox-debuginfo-102.11.0-2.el8_6.x86_64.rpm  
firefox-debugsource-102.11.0-2.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXf9zjgjWX9erEAQiGJQ/+IbXk9s0LKLKZbhDerprRsgqOPXJIck0q  
eg1ZbODSbva9/Dj9Kq20hlxaYWAByAnoXz6M0r1jq+0GNu9yTpE0JOmxjonU8TPi  
ECXQ/UhERsjukGKM4RER6UvUeJfR40XHz679hiAMJ60AukkxXCw7lifGc1LHpdHk  
eWSHIC+t61sllmjCYTznjyFOm77oJiu4+l7U06m5CdCeA6w0VnXTQa25qrwzcqqK  
q02WTSvFhsQpcrF5zXSTjv9ft90lK92kn3b/LHwSHnGfOsi8nU9W7MrriVU+xRRY  
mkc09mABk3lizEUSSVszLW/Kai4twE2R8tArQ8GMzQL8RbLb8f0BOElWLdJUIIcp  
HJgXeAzI/1OMBUF6DMLruoZBUPu9VZfSAbbJjMOIrkblKKfDjBSV/tyuYhxnKVSI  
iFkZEAcnR1dTBHESf1NlAoJDJQPRbL6MfJN7kDyTHibyHeyogo2m09NnbC8RAnHh  
ajRGXuT+AjTSQbZ4fSsCEMQUBT3p+yMqxgeMbXGsHSZwKIMjFqbcHVKCdC690Hax  
KUK7Z8df0/GitY09CtUwe+/ixOqbEdBemhJdOtWizWoIZkqMez1EIKfGGzq30y7L  
bb48BRYyTEO/Hu8PRiUrZMCg/jucsxlEM6zfIXe83ixFbtk4yII6m3pMN/+R2OFN  
xTYEXUTCJdA=iQXv  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3141-01

Red Hat Security Advisory 2023-3154-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3154-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3154  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.11.0.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
thunderbird-102.11.0-1.el8_4.src.rpm

aarch64:  
thunderbird-102.11.0-1.el8_4.aarch64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_4.aarch64.rpm  
thunderbird-debugsource-102.11.0-1.el8_4.aarch64.rpm

ppc64le:  
thunderbird-102.11.0-1.el8_4.ppc64le.rpm  
thunderbird-debuginfo-102.11.0-1.el8_4.ppc64le.rpm  
thunderbird-debugsource-102.11.0-1.el8_4.ppc64le.rpm

s390x:  
thunderbird-102.11.0-1.el8_4.s390x.rpm  
thunderbird-debuginfo-102.11.0-1.el8_4.s390x.rpm  
thunderbird-debugsource-102.11.0-1.el8_4.s390x.rpm

x86_64:  
thunderbird-102.11.0-1.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_4.x86_64.rpm  
thunderbird-debugsource-102.11.0-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXkdzjgjWX9erEAQjuShAAkWX1DSw3Bmb5UQn4/AmVHwBNP3Iduf6L  
l9K0TPID9emj5PFXmatAooRp0G8GpCbdFhnan75SYmhSFu692gIXQ8BskfA94BMV  
7T65knnLu18HX5G/tn7KAVI5WGz7YeL6kf/V9QS5S8WHx7NjUMqmbyCqXVMbjk1F  
DSFtEBbnYb3vzmzC3/zBoRWJ6417v/I3jjLaGYpuCNuVULfMImsfEAXNHGYg6bor  
om/EYGrbTCERFp/m93wBDisKCN5ZsWcwF80xlZNhxp19F5jp38YcyYJNRiT7h4yy  
j/2nn9fEl7yaCJxJL67sNXnkNOpFX9iu3pPmSDmWxiIm8Bups0FrwyMN8DVpMjR0  
1R7pdyuZZ2UHyEf2cqgbOmvOUXKWbSMcUa/QhQnPYn85/9X5XMm7e9AYlm3c9D83  
HB8ot69f1386XXgm55YY7aFI3M90EWc8XryZmqTAVCl6iWCfgPLUoekjvs9aOZcf  
VA0oF/vpIK0VDldgB+7Y/weaZjvy7jdLibzWHlfboRVGz67UispcTARTEAHWOicj  
+izOVINgCz2z8uqrMzE1JXZDondx0ODkyCzJo09oNyW+T6dPHuypkW5SuNk+I+gZ  
qDs4OGEFXVNZXJI6cs6MbyFDJL09U1HenrXySi4sCOfVBNLtdowXowGvszyAEtC0  
gQ+czWiDOnE=5rLU  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3154-01

Red Hat Security Advisory 2023-3155-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3155-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3155  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.11.0.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
thunderbird-102.11.0-1.el8_6.src.rpm

aarch64:  
thunderbird-102.11.0-1.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_6.aarch64.rpm  
thunderbird-debugsource-102.11.0-1.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.11.0-1.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.11.0-1.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.11.0-1.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.11.0-1.el8_6.s390x.rpm  
thunderbird-debuginfo-102.11.0-1.el8_6.s390x.rpm  
thunderbird-debugsource-102.11.0-1.el8_6.s390x.rpm

x86_64:  
thunderbird-102.11.0-1.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_6.x86_64.rpm  
thunderbird-debugsource-102.11.0-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXqtzjgjWX9erEAQgLGw/+Nms5Ev0EIc+b4UVd1YnUR5FFjvNXquvt  
WR9NpsXrjMMjQQ5kHZCcvSopeWsWA0G2uCa7vY/8MMCQvXU+8gN1J1QaqbAsIQmK  
azKRn5B1pemKMW98XyxnOO9J6u0N+zBrLnLFYTuWVPZwTqZjRJ+MIv2cMQM3vM+2  
1N+5ElLTNVzkExNBro8ylOGZthcAqAMVYXpf2hDW0JZoToJA3toMjXwdjiJcewmg  
VSFi6iM8KaYepUkwDOPRg/GyzTd6mNe+kaLgLHs46Z3CN8pT3r05kftHLF7Qh2Ua  
qIpPRjqW9I88YFRF1dgxk45I6CcGDoCTDjWYW8c28nOKO9Ntop/XqIZTyKjgZjpW  
DKINKnpru38Xn9+ilkSLL3MI3FQMcI/3bZMIFH/BtiQbu4pPiWeysmP2BiRP8sRm  
I1D7mcavFG5o3k0xnW8/AwMx2es+4TuQnIXz70b0tW/U8TrbW3HWWtQA3Sba+nHe  
zF+AoMjJ4UxlPY0EE1EQ6/M0adp3niumP15Xy625ywXdN4toyra1MBsBqJcx3AiZ  
1jyK1TTgzMCBkftw/96ojdGTU5JiFfHSb0l4uONykI1sw79AhmzjFvrC1xn5L4Kj  
k1V4jhsLx74BWG7++TGwUyxkTXSucu0qxHtAv7KhxmiELs/9qVt58zA+p3wjO/z4  
RF3PcjF94kw=fLdi  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3155-01

Red Hat Security Advisory 2023-3142-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:3142-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3142  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.11.0 ESR.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
firefox-102.11.0-2.el9_0.src.rpm

aarch64:  
firefox-102.11.0-2.el9_0.aarch64.rpm  
firefox-debuginfo-102.11.0-2.el9_0.aarch64.rpm  
firefox-debugsource-102.11.0-2.el9_0.aarch64.rpm

ppc64le:  
firefox-102.11.0-2.el9_0.ppc64le.rpm  
firefox-debuginfo-102.11.0-2.el9_0.ppc64le.rpm  
firefox-debugsource-102.11.0-2.el9_0.ppc64le.rpm

s390x:  
firefox-102.11.0-2.el9_0.s390x.rpm  
firefox-debuginfo-102.11.0-2.el9_0.s390x.rpm  
firefox-debugsource-102.11.0-2.el9_0.s390x.rpm

x86_64:  
firefox-102.11.0-2.el9_0.x86_64.rpm  
firefox-debuginfo-102.11.0-2.el9_0.x86_64.rpm  
firefox-debugsource-102.11.0-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXiNzjgjWX9erEAQiRXBAAiVIUbn7dOf2NutaLOvipz864YOInXgvg  
DBBWDy4c5i7SlkDPst2YcxDnhKv4k9aj9HUDcNEL8eYgSR6l7brPPj2SSMQdlfCe  
gc0F0E6kHqPzkZ8EO4OCjQHUCfYYKlHRWCqCXRpYYCL0At9XZsk2Br1NsSqnRk3H  
lh9uGVrq56NJcJwjQHKVDrN/jXTDGTzPgqyLMmIUiVh5eTipYnkisRIEAjhRK9Rz  
MDeoIBdywRk6W4uKpNBtj2Q4CdiHJ2RNTjFvtdpYzxUqCdRp1/9G7hz/LRwR8Hnc  
k83snO3fALH46af/hLFej1GZir3EhpG8zJMkOqxtivGd+ly36Ba1iEOeodUxYGh1  
ebjmdj2dGWsaedhxwMy2hDWMoVjXu4629VpnuSJdsxptTxraMGGkyZB0TRSMAGEZ  
NiXXLEUGVWqgq8dOii4vefq75IzSXGUwPguts0jUpxLJG2RhA1M+Uqu0UH7MPdOB  
UKGu+mW5eRHBs62v8ntu6kG6qMw4LpAKAX0Yc/2vBsqJqMaXjoHN5tmrl9oUQKvj  
7FtoaTGl+2RF9zLKUi2LSeQrTws92duNWomoAY8DC6ks0PS0zmLXi8OnX/PLIl6q  
zGo+wLaUqOv+lZmSYx/r58e1pFQoaHvsbPO1yy49s8mUlXS18HmMDVyraiBEnMsC  
6uKZMJvihQI=G9dm  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3142-01

Red Hat Security Advisory 2023-3145-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: apr-util security update  
Advisory ID:       RHSA-2023:3145-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3145  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-25147  
====================================================================  
1. Summary:

An update for apr-util is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The Apache Portable Runtime (APR) is a portability library used by the  
Apache HTTP Server and other projects. apr-util is a library which provides  
additional utility interfaces for APR; including support for XML parsing,  
LDAP, database interfaces, URI parsing, and more.

Security Fix(es):

* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for  
this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
apr-util-1.5.2-6.el7_9.1.src.rpm

x86_64:  
apr-util-1.5.2-6.el7_9.1.i686.rpm  
apr-util-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm  
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
apr-util-1.5.2-6.el7_9.1.src.rpm

x86_64:  
apr-util-1.5.2-6.el7_9.1.i686.rpm  
apr-util-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm  
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
apr-util-1.5.2-6.el7_9.1.src.rpm

ppc64:  
apr-util-1.5.2-6.el7_9.1.ppc.rpm  
apr-util-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-devel-1.5.2-6.el7_9.1.ppc.rpm  
apr-util-devel-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.ppc64.rpm

ppc64le:  
apr-util-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-devel-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.ppc64le.rpm

s390x:  
apr-util-1.5.2-6.el7_9.1.s390.rpm  
apr-util-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.s390.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-devel-1.5.2-6.el7_9.1.s390.rpm  
apr-util-devel-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.s390x.rpm

x86_64:  
apr-util-1.5.2-6.el7_9.1.i686.rpm  
apr-util-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm  
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-nss-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.ppc64.rpm

ppc64le:  
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-nss-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.ppc64le.rpm

s390x:  
apr-util-debuginfo-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-nss-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.s390x.rpm

x86_64:  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
apr-util-1.5.2-6.el7_9.1.src.rpm

x86_64:  
apr-util-1.5.2-6.el7_9.1.i686.rpm  
apr-util-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm  
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-25147  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQX0NzjgjWX9erEAQgRyQ//dcncRu48Jh6moW96jAzVAd5aO1+ZC04/  
o3sqB/de75bp2ISpOCKFsTO5iRY8q4O3pXM5ZBXpVvOmnCfUdBfZDYqrirp0EJGJ  
cbC+p46UdjV6VltZVjK10BG6D2YozMLtyMOOvK4CMYhqlbYRkznkzCsY8CFayANU  
bbBwkDSPFhpoVZHrnxBkXa0jJM25Bt4DD1lmrWsBI46J1Y0PQOdRo0r1gC7jX+EP  
tP1GDnAwdN/e70/wCuehr92Y+idv8Ngbsc71pt0siWh3A3kgMIHy6+QZiZUWW8Zo  
koUSIL9YEgCQ70TAdOSqH2P4Gq2g9CzA/NyB1Kt+AFdpkV4Q+SWrSVbommhI/BeY  
zV20beFPZ+QAS8ddPl/GKWPmpGsTakDIkA1dmo8y7F7S4AXDk8zFqOt5yu4i6e0j  
GL8DHm3mIE2N4DJRFb8lLJ2QN9QQDzlIQg/v3hw+6P8dEiZb/ajh8H92zwlmoH/r  
W3UWyym5l3OvnEFIGqHPY8mBodZhYp/F7WfgsFP2hxjwWuGcpwUW2MBZ0PbIB31l  
Wrx6nJoHMV3tgGEkEIZ7IjRtj/JEP3/y+rFa1GNtp+/3KLpx+fgHFcIg7ESz+h5Z  
1vkti/h/dqn4DDuJ24z9yuSYX8TtRPk0oQJC5twRJHn2zfAdc+z/lgH32USwImTJ  
vgTT/CsNs2s=+nCK  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3145-01

Red Hat Security Advisory 2023-3152-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3152-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3152  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.11.0.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.11.0-1.el8_1.src.rpm

ppc64le:  
thunderbird-102.11.0-1.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.11.0-1.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.11.0-1.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.11.0-1.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_1.x86_64.rpm  
thunderbird-debugsource-102.11.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXiNzjgjWX9erEAQiHWw//ajvOZcTDGCJ+4O4WOLrInKQl1QUrneko  
4jfE8vi/IOiFFEvdl8oGYj1rROVVBmsR0R1hesHm76AHcCvqXcXQJNRx3k2zFkFU  
VFwkBFq4kkdmdAM08ZVY/oRz6BEqJT+yD4HxkIXwSi32U8i/bIl1W+g8Pw/2a99W  
lbwnoGPbnKMBDtQggpiSFVhDDHnamUkAVYUj6R2v9Q7BwFA9Hm4ir7+6/jbNUzZG  
jM3wllzLPp1Lhi+KzQosL09SKQPJ2rRbc4seBLTRFFdylu1qt6zB/qa+VHbcfByn  
mnVHnN95tj4DPhOxEDC5jfCKOC16+bXSK5x71ClaCjf6DwIqy6zpPredt1HMxB/U  
Q6oxhiMn9+N4/zoslO/5SpbPGibPQ5a+aiHHOlEY9LNlckKFFjxC1LnKxwV0pomV  
JPVtS1sLZuHpUI34hHDid9auwoeqzKEFEcJAkqtESXOHN8BhvSZfP5yiDbm5mKu7  
jHphcOvxt935M8pEc5zYHOumcKCiDD8Wug2TlGL9WNZglqKw03NRxDFIaFy0GMLX  
h2Zg4tts+2zgOe2ESYb44S0m9v4273eSgyMflbY89eFYnzTGdswiAr30cVRDnyvR  
L2Sn7eyNIeK73/OcH4btiuAEC0EXw/o+YKDk5GnDPNvRHp9nqvL6PhT36CX3wO4R  
0NGifNvNLUM=Noqz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3152-01

Red Hat Security Advisory 2023-3138-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:3138-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3138  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.11.0 ESR.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
firefox-102.11.0-2.el8_1.src.rpm

ppc64le:  
firefox-102.11.0-2.el8_1.ppc64le.rpm  
firefox-debuginfo-102.11.0-2.el8_1.ppc64le.rpm  
firefox-debugsource-102.11.0-2.el8_1.ppc64le.rpm

x86_64:  
firefox-102.11.0-2.el8_1.x86_64.rpm  
firefox-debuginfo-102.11.0-2.el8_1.x86_64.rpm  
firefox-debugsource-102.11.0-2.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXc9zjgjWX9erEAQgQLQ//WDSrnqY65X9Z7UuItp6kvlGnIVeIplBE  
8AnuFdw9Np9RMRD8HfuUotRbFCtqiv4N/hUiNIKsfIh4R9lydALWZDlgIrjzPOLY  
KZXjs1JVJcqNcCKZxpCLxyamqR6MIqetD2HkcxrApGWphPRsYnvSmwKaHggAONw/  
DpRHa6VyYlA3BFT/cG5zwnNz9HVAl26aEIo0CooDdNvAYzv0kcjSO/pgC/Zrw4OG  
hnSfSDmVfWQedc9v1UqiAbQUsMfbN8lDj/c1T89laGyZZIJe5h5dG+lOVDdpAOSF  
XTYY595TouGFrcx7OBXRJHTAxxBaNwbMgfQExfDKKX3GRQ9LLbNcCC4wKhcM10Gj  
j4CFBnBQIK5ktYV+hCofPjLZuluF9tQxK9rmgFbttl0dNghQUOAZZ02ZEzsstdzQ  
cap9ZeJHUEuABrBepJH6jBgXyj0Ih2vKyh+0EsF+uhmoCSe6i48vwxWZs1Ns1HGu  
8Wl2jQ2DV2gsQTagPBtDRRALD6iNuvS1ukEQ9a4/m+f4UnrvqP3FIDvwH7kyA8j/  
xZ+aTatzqvDmyU8ObhyNXAc9SIJ2uU1B2oIP9gEi2w65q+VAG0nT1U3ujtFTZHVp  
2v0eKPKM5Sj0KKMbyZsrp+9Ay9YQ7/b+Pk4QBJsjnNOBBINsFRZc/1ToDGQwsoqB  
M3/zADpjqCc=Y/u0  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3138-01

Red Hat Security Advisory 2023-3147-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: apr-util security update  
Advisory ID:       RHSA-2023:3147-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3147  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-25147  
====================================================================  
1. Summary:

An update for apr-util is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Apache Portable Runtime (APR) is a portability library used by the  
Apache HTTP Server and other projects. apr-util is a library which provides  
additional utility interfaces for APR; including support for XML parsing,  
LDAP, database interfaces, URI parsing, and more.

Security Fix(es):

* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for  
this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
apr-util-1.6.1-20.el9_2.1.src.rpm

aarch64:  
apr-util-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-bdb-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-bdb-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-debugsource-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-devel-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-ldap-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-ldap-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-mysql-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-mysql-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-odbc-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-odbc-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-openssl-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-openssl-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-pgsql-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-pgsql-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-sqlite-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-sqlite-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm

ppc64le:  
apr-util-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-bdb-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-bdb-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-debugsource-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-devel-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-ldap-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-ldap-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-mysql-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-mysql-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-odbc-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-odbc-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-openssl-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-openssl-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-pgsql-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-pgsql-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-sqlite-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-sqlite-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm

s390x:  
apr-util-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-bdb-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-bdb-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-debugsource-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-devel-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-ldap-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-ldap-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-mysql-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-mysql-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-odbc-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-odbc-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-openssl-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-openssl-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-pgsql-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-pgsql-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-sqlite-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-sqlite-debuginfo-1.6.1-20.el9_2.1.s390x.rpm

x86_64:  
apr-util-1.6.1-20.el9_2.1.i686.rpm  
apr-util-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-bdb-1.6.1-20.el9_2.1.i686.rpm  
apr-util-bdb-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-bdb-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-bdb-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-debugsource-1.6.1-20.el9_2.1.i686.rpm  
apr-util-debugsource-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-devel-1.6.1-20.el9_2.1.i686.rpm  
apr-util-devel-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-ldap-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-ldap-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-ldap-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-mysql-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-mysql-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-mysql-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-odbc-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-odbc-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-odbc-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-openssl-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-openssl-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-openssl-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-pgsql-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-pgsql-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-pgsql-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-sqlite-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-sqlite-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-sqlite-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-25147  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXqtzjgjWX9erEAQjKfxAAi9nkw6scvMzD7KVjI2+BZrNp2RmTLuhO  
Gc/m7y7+XV3ZE8tfMb2GdjvTvR6/p9V/J5LX7/hBQ03/EIVjNmv5IbLi4bDsBw2e  
yUpQk2SOdZNhFs7jKeEMHq6fgkYxkeOWLkttH19MZmNv8n8I9X8rQl+KHtUPJ5HZ  
fYtm+oV28kQFkbGIHErZ094KsJKc0Dqsvypf+ywDDXaCqwiK0FU541GWNFiCB7kz  
ncKd6MsZla/az/+vu9dOMrZYTu9bfiEL0smI8XfXwpdo1xC+XNmkNlAkSq2e3paw  
rWhriq3P2Fstjp5Fuz6TksV8b4D86PdP3b2d3VcHHdfnZnMfNy+oYtJoPxo/krJ/  
48SY0BbLgSGRgPeUTjwCh1RUaR9BfIys02TuTnoi4ORKCvQ96Rz2bMlwk+Cdtm6V  
DHbgKn11Morh8ge2myVEOfqaDzAIhLQdLMe7d34fQdKqmQH1A60fCwkQvyUC7BqR  
LLzX6uJUH3hUHmFS05RxqfPu+Bwjp3DYn8+G3pGBLs3hKZqEHVy6ObFQx44Dbuc3  
HLFVizZddN8nDqnBP9VGNdizEnDOKhK5XclCzR58JHTQJzgsvNdKX42N/fmSF4vm  
6256481Doepc67tjtx3bw6vstM+hq9s97Yq7gr1TDR9oTrVZiS6Han7eWK0oSrKk  
ptqJa8LgcIE=yPCQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3147-01

Red Hat Security Advisory 2023-3151-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3151-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3151  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.11.0.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
thunderbird-102.11.0-1.el7_9.src.rpm

x86_64:  
thunderbird-102.11.0-1.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
thunderbird-102.11.0-1.el7_9.src.rpm

ppc64le:  
thunderbird-102.11.0-1.el7_9.ppc64le.rpm  
thunderbird-debuginfo-102.11.0-1.el7_9.ppc64le.rpm

x86_64:  
thunderbird-102.11.0-1.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
thunderbird-102.11.0-1.el7_9.src.rpm

x86_64:  
thunderbird-102.11.0-1.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXstzjgjWX9erEAQh50A//QFlGYqgaEPQsSggYbY2ENj1xRZc5kyVM  
iuNxOCUKQksfBnbz8dFKlZCsBT1+xXnhtvUEov/gViXEt19j32aOUcBsAm1Kd0W+  
Sc5kELdH+zDNuxsMctfFiqrKB3WWwlqec2fll3I9q0YOcrQP8Tr1PkL7GnZK8FUn  
JsyGGijvorIgQ+bAsQDai4xD5EbZRqDyVq8l7rNGz04q1ojYdTaBTCWZtJHUJx+k  
31t0CpGJXE0lbAcPnoApLqFvkU6yW07xckSohXg8u0GHInaz6N7Dz9Um5WAazaIk  
4GLsZZq3pIjW3lvIbQ1FKW5M/+wBINGfDdpC+g+Xeca+fFe8zQwD4KoKQ8bph2OY  
uq3Y9AtHGP/Ngqc3DFJ8hE/bvBvXEvnlTJAb1UhZs2vz33ZU6v9f3HnFvt+Ie4Ja  
xSkstW/AY7YtVnPwALo3SeAgZl4TWeOPbYl8f3/BRPjlvp+kF88C6OeqUWDFyRNH  
CyS9UZlrFSz0ua4fyb3cziZxrXW/eXttlX1Scm07gDoJ7uSB5pggAjgjHMz1dQJN  
87/InHqFfk35zpsdJR6H1/taLc7fEGzasdKIYOrV36HTebRLvx77z/6rkCGMSmeP  
vdbWVwH6bpIGa0yKVWGjBg+lwv1xoiCxgoCRqlJXJ9Qm2bgweJ55HVdS3e5w8Q9+  
q73Lq1N0xjwNq  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux