Red Hat Security Advisory 2022-7813-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: mingw-zlib security update  
Advisory ID:       RHSA-2022:7813-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7813  
Issue date:        2022-11-08  
CVE Names:         CVE-2018-25032  
====================================================================  
1. Summary:

An update for mingw-zlib is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - noarch

3. Description:

The zlib packages provide a general-purpose lossless data compression  
library that is used by many different programs.

Security Fix(es):

* zlib: A flaw found in zlib when compressing (not decompressing) certain  
inputs (CVE-2018-25032)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2067945 - CVE-2018-25032 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

6. Package List:

Red Hat CodeReady Linux Builder (v. 8):

Source:  
mingw-zlib-1.2.8-10.el8.src.rpm

noarch:  
mingw32-zlib-1.2.8-10.el8.noarch.rpm  
mingw32-zlib-debuginfo-1.2.8-10.el8.noarch.rpm  
mingw32-zlib-static-1.2.8-10.el8.noarch.rpm  
mingw64-zlib-1.2.8-10.el8.noarch.rpm  
mingw64-zlib-debuginfo-1.2.8-10.el8.noarch.rpm  
mingw64-zlib-static-1.2.8-10.el8.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-25032  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pSGdzjgjWX9erEAQgUwA/+I0Yfh7SE/3ex1OCbDRi+Y7TQV6LPIfaY  
Wf+3Kq1gTm3ApB7ZgN8oTrIEfIN/NjQ+NUKhLM6X3jEi8gVxzZloOnk3B6liK1wg  
0N3LY0PW1VdJB44WaX/ZfB/vu2sTEJfux9CgKphAm10G7vIv9gxlbRRZ8+vRXeMN  
/ATsBoATo8OaK9yzAMBLnSpbxHJvimEr0AGoU4ixZTeF91p9ypMT59yuF+GmOu+r  
Qw7DxvJSnhrz2RrekBuBCqli84SzM8y9w8PCPojrIuIkcZDmZfgXhplAgZNCs2Tm  
j8KGbjHawDhgHQEs5zHJMI+3uBjsrm6bq9G81qdUQto8o/GmLkZj36B6CpmSfk6Z  
lIUItBHDd9gEt4aHNJzBoOIPUq6KMyKqOK20t4o95Nx+Uyoww6VQoVfDaGS+x/Th  
DIufW2cA53/3r47jF91Hm2365WkEKfF2Jx1oAJFdBwaaIp2JRk0WtKkHOmsDN1//  
h0dMMMo/+sUeIAHBz0xpiP9AMLhujmCPfObU29GaB2HNPhz7SffcE6vDPs2Zq6pC  
DwivNCrBfiVDfPpC2CMwK0FZSuV3UFq56MeCbSMaqUczsPWWxESeEVxOV9AJXl6Y  
jhyoYbtM1/n8L05zLXU7d50ig6oKZ/eZoMULg7Q2LboKYjWMk0+ashgqhdOigTup  
tIaNurRUEawioM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7813-01

Red Hat Security Advisory 2022-7830-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: nodejs:14 security update  
Advisory ID:       RHSA-2022:7830-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7830  
Issue date:        2022-11-08  
CVE Names:         CVE-2021-44531 CVE-2021-44532 CVE-2021-44533  
                   CVE-2022-21824 CVE-2022-35256  
====================================================================  
1. Summary:

An update for the nodejs:14 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

Security Fix(es):

* nodejs: Improper handling of URI Subject Alternative Names  
(CVE-2021-44531)

* nodejs: Certificate Verification Bypass via String Injection  
(CVE-2021-44532)

* nodejs: Incorrect handling of certificate subject and issuer fields  
(CVE-2021-44533)

* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields  
(CVE-2022-35256)

* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2040839 - CVE-2021-44531 nodejs: Improper handling of URI Subject Alternative Names  
2040846 - CVE-2021-44532 nodejs: Certificate Verification Bypass via String Injection  
2040856 - CVE-2021-44533 nodejs: Incorrect handling of certificate subject and issuer fields  
2040862 - CVE-2022-21824 nodejs: Prototype pollution via console.table properties  
2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
nodejs-14.20.1-2.module+el8.7.0+16991+b0a68a3e.src.rpm  
nodejs-nodemon-2.0.19-2.module+el8.7.0+16991+b0a68a3e.src.rpm  
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

aarch64:  
nodejs-14.20.1-2.module+el8.7.0+16991+b0a68a3e.aarch64.rpm  
nodejs-debuginfo-14.20.1-2.module+el8.7.0+16991+b0a68a3e.aarch64.rpm  
nodejs-debugsource-14.20.1-2.module+el8.7.0+16991+b0a68a3e.aarch64.rpm  
nodejs-devel-14.20.1-2.module+el8.7.0+16991+b0a68a3e.aarch64.rpm  
nodejs-full-i18n-14.20.1-2.module+el8.7.0+16991+b0a68a3e.aarch64.rpm  
npm-6.14.17-1.14.20.1.2.module+el8.7.0+16991+b0a68a3e.aarch64.rpm

noarch:  
nodejs-docs-14.20.1-2.module+el8.7.0+16991+b0a68a3e.noarch.rpm  
nodejs-nodemon-2.0.19-2.module+el8.7.0+16991+b0a68a3e.noarch.rpm  
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

ppc64le:  
nodejs-14.20.1-2.module+el8.7.0+16991+b0a68a3e.ppc64le.rpm  
nodejs-debuginfo-14.20.1-2.module+el8.7.0+16991+b0a68a3e.ppc64le.rpm  
nodejs-debugsource-14.20.1-2.module+el8.7.0+16991+b0a68a3e.ppc64le.rpm  
nodejs-devel-14.20.1-2.module+el8.7.0+16991+b0a68a3e.ppc64le.rpm  
nodejs-full-i18n-14.20.1-2.module+el8.7.0+16991+b0a68a3e.ppc64le.rpm  
npm-6.14.17-1.14.20.1.2.module+el8.7.0+16991+b0a68a3e.ppc64le.rpm

s390x:  
nodejs-14.20.1-2.module+el8.7.0+16991+b0a68a3e.s390x.rpm  
nodejs-debuginfo-14.20.1-2.module+el8.7.0+16991+b0a68a3e.s390x.rpm  
nodejs-debugsource-14.20.1-2.module+el8.7.0+16991+b0a68a3e.s390x.rpm  
nodejs-devel-14.20.1-2.module+el8.7.0+16991+b0a68a3e.s390x.rpm  
nodejs-full-i18n-14.20.1-2.module+el8.7.0+16991+b0a68a3e.s390x.rpm  
npm-6.14.17-1.14.20.1.2.module+el8.7.0+16991+b0a68a3e.s390x.rpm

x86_64:  
nodejs-14.20.1-2.module+el8.7.0+16991+b0a68a3e.x86_64.rpm  
nodejs-debuginfo-14.20.1-2.module+el8.7.0+16991+b0a68a3e.x86_64.rpm  
nodejs-debugsource-14.20.1-2.module+el8.7.0+16991+b0a68a3e.x86_64.rpm  
nodejs-devel-14.20.1-2.module+el8.7.0+16991+b0a68a3e.x86_64.rpm  
nodejs-full-i18n-14.20.1-2.module+el8.7.0+16991+b0a68a3e.x86_64.rpm  
npm-6.14.17-1.14.20.1.2.module+el8.7.0+16991+b0a68a3e.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-44531  
https://access.redhat.com/security/cve/CVE-2021-44532  
https://access.redhat.com/security/cve/CVE-2021-44533  
https://access.redhat.com/security/cve/CVE-2022-21824  
https://access.redhat.com/security/cve/CVE-2022-35256  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pSMNzjgjWX9erEAQiFmA/+PFsIM04d2Gzf9L0EzhYopvP+2hpQ3oXe  
rxs1jY17w/shvRUvBEcfFGwjqkw+9BROLnY76riBWXvS4cLdic/GaVoDYA053Swv  
qg47PgZuYgyM6Vj0ggqnN4pmN+4ydnGQnfCY5enQMZuUEEtkoP1kKj/r0b14G2Qb  
QAfRjS4kIBsIqdfWVLmB2ADyG4/RErrmQznmqnI+NgyVed+EcHQwKDXWJxQAcf1d  
bSWPPiYxKDMjl4prvFCIO4j5HIMcSxX2ydCuzU+unzdAzEVfhksJvug4vJOhI/tj  
vLbNYpb32szyWDF8RKqBCxqtpSFL+Rj1dSB9S8vLRD1vdme8GcY0bb4RMT5A7rxG  
vxboN1UnFBVasytToFrVMb6YI0hRIbY6u/AEDr7FpuZlc75IeBDuTrd513g0/JV2  
3s7uSktUx+5CLE6yTcbjNFzyxt/CWlXYRLxDjei4PAgTHUob0XV4ceegiSQtIrJR  
BsDZ92Rl3fL0h5ifQyX852F4aYDdN4wUNeaOL6dDh8I/O7YTdmwVrFJOsCaJbuW2  
eEEezk6n3EsGA0GUu3g4llzynyE+kbEVM03ZycSVeL5Rg14p05nabXiYy22r3fKq  
oKo6QsdExSS+8yzDLVpug1B8LUbQ9KjA3TwkuSpAFzLFF4Gdf9TDT81cXMnxoYbU  
9kKLmbdmAnM=ZgF8  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7830-01

Red Hat Security Advisory 2022-7585-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, denial of service, and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: libtiff security update  
Advisory ID:       RHSA-2022:7585-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7585  
Issue date:        2022-11-08  
CVE Names:         CVE-2022-0561 CVE-2022-0562 CVE-2022-0865  
                   CVE-2022-0891 CVE-2022-0908 CVE-2022-0909  
                   CVE-2022-0924 CVE-2022-1355 CVE-2022-22844  
====================================================================  
1. Summary:

An update for libtiff is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged  
Image File Format (TIFF) files.

Security Fix(es):

* libtiff: Denial of Service via crafted TIFF file (CVE-2022-0561)

* libtiff: Null source pointer lead to Denial of Service via crafted TIFF  
file (CVE-2022-0562)

* libtiff: reachable assertion (CVE-2022-0865)

* libtiff: Out-of-bounds Read error in tiffcp (CVE-2022-0924)

* libtiff: stack-buffer-overflow in tiffcp.c in main() (CVE-2022-1355)

* libtiff: out-of-bounds read in _TIFFmemcpy() in tif_unix.c  
(CVE-2022-22844)

* libtiff: heap buffer overflow in extractImageSection (CVE-2022-0891)

* tiff: Null source pointer passed as an argument to memcpy in  
TIFFFetchNormalTag() in tif_dirread.c (CVE-2022-0908)

* tiff: Divide By Zero error in tiffcrop (CVE-2022-0909)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this  
update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2042603 - CVE-2022-22844 libtiff: out-of-bounds read in _TIFFmemcpy() in tif_unix.c  
2054494 - CVE-2022-0561 libtiff: Denial of Service via crafted TIFF file  
2054495 - CVE-2022-0562 libtiff: Null source pointer lead to Denial of Service via crafted TIFF file  
2064145 - CVE-2022-0908 tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c  
2064146 - CVE-2022-0909 tiff: Divide By Zero error in tiffcrop  
2064148 - CVE-2022-0924 libtiff: Out-of-bounds Read error in tiffcp  
2064406 - CVE-2022-0865 libtiff: reachable assertion  
2064411 - CVE-2022-0891 libtiff: heap buffer overflow in extractImageSection  
2074415 - CVE-2022-1355 libtiff: stack-buffer-overflow in tiffcp.c in main()

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
libtiff-4.0.9-23.el8.src.rpm

aarch64:  
libtiff-4.0.9-23.el8.aarch64.rpm  
libtiff-debuginfo-4.0.9-23.el8.aarch64.rpm  
libtiff-debugsource-4.0.9-23.el8.aarch64.rpm  
libtiff-devel-4.0.9-23.el8.aarch64.rpm  
libtiff-tools-debuginfo-4.0.9-23.el8.aarch64.rpm

ppc64le:  
libtiff-4.0.9-23.el8.ppc64le.rpm  
libtiff-debuginfo-4.0.9-23.el8.ppc64le.rpm  
libtiff-debugsource-4.0.9-23.el8.ppc64le.rpm  
libtiff-devel-4.0.9-23.el8.ppc64le.rpm  
libtiff-tools-debuginfo-4.0.9-23.el8.ppc64le.rpm

s390x:  
libtiff-4.0.9-23.el8.s390x.rpm  
libtiff-debuginfo-4.0.9-23.el8.s390x.rpm  
libtiff-debugsource-4.0.9-23.el8.s390x.rpm  
libtiff-devel-4.0.9-23.el8.s390x.rpm  
libtiff-tools-debuginfo-4.0.9-23.el8.s390x.rpm

x86_64:  
libtiff-4.0.9-23.el8.i686.rpm  
libtiff-4.0.9-23.el8.x86_64.rpm  
libtiff-debuginfo-4.0.9-23.el8.i686.rpm  
libtiff-debuginfo-4.0.9-23.el8.x86_64.rpm  
libtiff-debugsource-4.0.9-23.el8.i686.rpm  
libtiff-debugsource-4.0.9-23.el8.x86_64.rpm  
libtiff-devel-4.0.9-23.el8.i686.rpm  
libtiff-devel-4.0.9-23.el8.x86_64.rpm  
libtiff-tools-debuginfo-4.0.9-23.el8.i686.rpm  
libtiff-tools-debuginfo-4.0.9-23.el8.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
libtiff-debuginfo-4.0.9-23.el8.aarch64.rpm  
libtiff-debugsource-4.0.9-23.el8.aarch64.rpm  
libtiff-tools-4.0.9-23.el8.aarch64.rpm  
libtiff-tools-debuginfo-4.0.9-23.el8.aarch64.rpm

ppc64le:  
libtiff-debuginfo-4.0.9-23.el8.ppc64le.rpm  
libtiff-debugsource-4.0.9-23.el8.ppc64le.rpm  
libtiff-tools-4.0.9-23.el8.ppc64le.rpm  
libtiff-tools-debuginfo-4.0.9-23.el8.ppc64le.rpm

s390x:  
libtiff-debuginfo-4.0.9-23.el8.s390x.rpm  
libtiff-debugsource-4.0.9-23.el8.s390x.rpm  
libtiff-tools-4.0.9-23.el8.s390x.rpm  
libtiff-tools-debuginfo-4.0.9-23.el8.s390x.rpm

x86_64:  
libtiff-debuginfo-4.0.9-23.el8.x86_64.rpm  
libtiff-debugsource-4.0.9-23.el8.x86_64.rpm  
libtiff-tools-4.0.9-23.el8.x86_64.rpm  
libtiff-tools-debuginfo-4.0.9-23.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-0561  
https://access.redhat.com/security/cve/CVE-2022-0562  
https://access.redhat.com/security/cve/CVE-2022-0865  
https://access.redhat.com/security/cve/CVE-2022-0891  
https://access.redhat.com/security/cve/CVE-2022-0908  
https://access.redhat.com/security/cve/CVE-2022-0909  
https://access.redhat.com/security/cve/CVE-2022-0924  
https://access.redhat.com/security/cve/CVE-2022-1355  
https://access.redhat.com/security/cve/CVE-2022-22844  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pSdtzjgjWX9erEAQgceBAAgxamrzyTOP2GS3s+C1p5y6grhjvDcDiB  
myi0mTUQ8H8ivuHf84wq6o0+K4LDuZ9mbOo/HYxJv4QIUcSfDF3xpZA7siuC0wr2  
p4G5BSmPyekDnIak9m88mTeBGi0BAuruJUbXi8lyjh6ItfsbWVi5GcTcJyz5WslP  
fJl66PglBOGYSvy5Yy7NKjHZ9NURG2Uw1chyaJa334IthtXNiFOobwEAv/KaGUIs  
o5qlcr+zliRVv6k4hlwFhFegCtqWIM8vfqUkVsf/jP2+rGrZTfnqfNKvWnNYIXq4  
zrY95PD7DeX18/ZHQ6JXOmVXczXSL0yzQjvUAs0hJK98cRBYfKgUHXf4tSzW2wfU  
4XPXjUj9TNV/Ld4J8hKrxE63GoqF0wDyGXSnkLr6KDHc2kk6A6yvUpVbcoXxuZT+  
O498iq52P3NMzAZyUk342AfsdASR3nnewuusksd1avLGZ2SjsJHcezAD0IRJK+66  
7lizIhMG+GQ6n0WBwDAMhe/8SPiaIE9e3nOILVQ2eUdMf9RegowDJKWik2FDZfzM  
++UDx1ofhjOX8ASd2kYfvOaYY6Zt01r+RBfZVrRH8N4Ex6eozIDxyzssAV6yYvDr  
ZeH8hLuCeAsb1H59sLAjTjlQYE+lltNykmpZyeXAvBHIjfuigp3iqQnArnhzGTPT  
weUuSg0GqME=u7Ay  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7585-01

Red Hat Security Advisory 2022-7821-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: nodejs:18 security update  
Advisory ID:       RHSA-2022:7821-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7821  
Issue date:        2022-11-08  
CVE Names:         CVE-2022-35255 CVE-2022-35256  
====================================================================  
1. Summary:

An update for the nodejs:18 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version:  
nodejs (18.9.1). (BZ#2130559, BZ#2131750)

Security Fix(es):

* nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)

* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields  
(CVE-2022-35256)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2130517 - CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen  
2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
nodejs-18.9.1-1.module+el8.7.0+16806+4109802b.src.rpm  
nodejs-nodemon-2.0.19-1.module+el8.7.0+16061+0a247725.src.rpm  
nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.src.rpm

aarch64:  
nodejs-18.9.1-1.module+el8.7.0+16806+4109802b.aarch64.rpm  
nodejs-debuginfo-18.9.1-1.module+el8.7.0+16806+4109802b.aarch64.rpm  
nodejs-debugsource-18.9.1-1.module+el8.7.0+16806+4109802b.aarch64.rpm  
nodejs-devel-18.9.1-1.module+el8.7.0+16806+4109802b.aarch64.rpm  
nodejs-full-i18n-18.9.1-1.module+el8.7.0+16806+4109802b.aarch64.rpm  
npm-8.19.1-1.18.9.1.1.module+el8.7.0+16806+4109802b.aarch64.rpm

noarch:  
nodejs-docs-18.9.1-1.module+el8.7.0+16806+4109802b.noarch.rpm  
nodejs-nodemon-2.0.19-1.module+el8.7.0+16061+0a247725.noarch.rpm  
nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm  
nodejs-packaging-bundler-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm

ppc64le:  
nodejs-18.9.1-1.module+el8.7.0+16806+4109802b.ppc64le.rpm  
nodejs-debuginfo-18.9.1-1.module+el8.7.0+16806+4109802b.ppc64le.rpm  
nodejs-debugsource-18.9.1-1.module+el8.7.0+16806+4109802b.ppc64le.rpm  
nodejs-devel-18.9.1-1.module+el8.7.0+16806+4109802b.ppc64le.rpm  
nodejs-full-i18n-18.9.1-1.module+el8.7.0+16806+4109802b.ppc64le.rpm  
npm-8.19.1-1.18.9.1.1.module+el8.7.0+16806+4109802b.ppc64le.rpm

s390x:  
nodejs-18.9.1-1.module+el8.7.0+16806+4109802b.s390x.rpm  
nodejs-debuginfo-18.9.1-1.module+el8.7.0+16806+4109802b.s390x.rpm  
nodejs-debugsource-18.9.1-1.module+el8.7.0+16806+4109802b.s390x.rpm  
nodejs-devel-18.9.1-1.module+el8.7.0+16806+4109802b.s390x.rpm  
nodejs-full-i18n-18.9.1-1.module+el8.7.0+16806+4109802b.s390x.rpm  
npm-8.19.1-1.18.9.1.1.module+el8.7.0+16806+4109802b.s390x.rpm

x86_64:  
nodejs-18.9.1-1.module+el8.7.0+16806+4109802b.x86_64.rpm  
nodejs-debuginfo-18.9.1-1.module+el8.7.0+16806+4109802b.x86_64.rpm  
nodejs-debugsource-18.9.1-1.module+el8.7.0+16806+4109802b.x86_64.rpm  
nodejs-devel-18.9.1-1.module+el8.7.0+16806+4109802b.x86_64.rpm  
nodejs-full-i18n-18.9.1-1.module+el8.7.0+16806+4109802b.x86_64.rpm  
npm-8.19.1-1.18.9.1.1.module+el8.7.0+16806+4109802b.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-35255  
https://access.redhat.com/security/cve/CVE-2022-35256  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pSJNzjgjWX9erEAQjaww/9FwAgM6VhLuL/A6jOAoTuAbjXIPjLq3bf  
BycFTPsYskS5aXT7hJUyT8WJQobCaw1J0e5c/+QnjJW1/9RNeAfoVNpuGyrnunXA  
4Ferj6qFwWHtzr0b2noQW0mzuOm6Ecen9r30vl58e+mgpmolrDWtf+Wsm/5fxuC4  
9CUfdJ7doifnNbrnmBGNOaINHflSAPo+GUZvvrPozYv74uuE2hmMTzM6rtg5EXqG  
hEI0zLJzTf3KWsKW6iIOWlOA2Kppn7JRsjNK2DQIotSSTmfNhS0AybKfp30Mgyia  
fxcOV0hdFqMq7HrOd/daP61DhhmyAECgYUCrhnVl01ntLQAPmmTmSihOHxrTbZcJ  
HewcOKlos2GgnQAX+DoMREn6KnvFTXT2xU0vO/X8Pbl2TyQ8B89Jb8m3hR71OBnG  
ARBDiEG9yWQaMLqrI9YHcsOR+4DxsXgecjItc3Bd9jbBKkLgnTi1efEjW/SdjU9b  
GWhL/2DVPOT9yg/j/+/me8+3c9O7vnePN7zaxUEoZ0DmdsDKlOzrC/D69thVIqXY  
JSQ8cINZ37RiCNRxcEvMQpwm/y79OCWVGdPptsluBapNDur5qeg2KrDYeHYsMXGF  
X9D6fP1Vod455kt+TxJCijA9XYT0JG7BA+KA5esIT2reCTvgQlP5QaEWqlNI39d4  
z9dijpwH2po=+8w0  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7821-01

Red Hat Security Advisory 2022-7464-01 - The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: protobuf security update  
Advisory ID:       RHSA-2022:7464-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7464  
Issue date:        2022-11-08  
CVE Names:         CVE-2021-22570  
====================================================================  
1. Summary:

An update for protobuf is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The protobuf packages provide Protocol Buffers, Google's data interchange  
format. Protocol Buffers can encode structured data in an efficient yet  
extensible format, and provide a flexible, efficient, and automated  
mechanism for serializing structured data.

Security Fix(es):

* protobuf: Incorrect parsing of nullchar in the proto symbol leads to  
Nullptr dereference (CVE-2021-22570)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2049429 - CVE-2021-22570 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
protobuf-3.5.0-15.el8.src.rpm

aarch64:  
protobuf-3.5.0-15.el8.aarch64.rpm  
protobuf-compiler-3.5.0-15.el8.aarch64.rpm  
protobuf-compiler-debuginfo-3.5.0-15.el8.aarch64.rpm  
protobuf-debuginfo-3.5.0-15.el8.aarch64.rpm  
protobuf-debugsource-3.5.0-15.el8.aarch64.rpm  
protobuf-lite-3.5.0-15.el8.aarch64.rpm  
protobuf-lite-debuginfo-3.5.0-15.el8.aarch64.rpm

noarch:  
python3-protobuf-3.5.0-15.el8.noarch.rpm

ppc64le:  
protobuf-3.5.0-15.el8.ppc64le.rpm  
protobuf-compiler-3.5.0-15.el8.ppc64le.rpm  
protobuf-compiler-debuginfo-3.5.0-15.el8.ppc64le.rpm  
protobuf-debuginfo-3.5.0-15.el8.ppc64le.rpm  
protobuf-debugsource-3.5.0-15.el8.ppc64le.rpm  
protobuf-lite-3.5.0-15.el8.ppc64le.rpm  
protobuf-lite-debuginfo-3.5.0-15.el8.ppc64le.rpm

s390x:  
protobuf-3.5.0-15.el8.s390x.rpm  
protobuf-compiler-3.5.0-15.el8.s390x.rpm  
protobuf-compiler-debuginfo-3.5.0-15.el8.s390x.rpm  
protobuf-debuginfo-3.5.0-15.el8.s390x.rpm  
protobuf-debugsource-3.5.0-15.el8.s390x.rpm  
protobuf-lite-3.5.0-15.el8.s390x.rpm  
protobuf-lite-debuginfo-3.5.0-15.el8.s390x.rpm

x86_64:  
protobuf-3.5.0-15.el8.i686.rpm  
protobuf-3.5.0-15.el8.x86_64.rpm  
protobuf-compiler-3.5.0-15.el8.i686.rpm  
protobuf-compiler-3.5.0-15.el8.x86_64.rpm  
protobuf-compiler-debuginfo-3.5.0-15.el8.i686.rpm  
protobuf-compiler-debuginfo-3.5.0-15.el8.x86_64.rpm  
protobuf-debuginfo-3.5.0-15.el8.i686.rpm  
protobuf-debuginfo-3.5.0-15.el8.x86_64.rpm  
protobuf-debugsource-3.5.0-15.el8.i686.rpm  
protobuf-debugsource-3.5.0-15.el8.x86_64.rpm  
protobuf-lite-3.5.0-15.el8.i686.rpm  
protobuf-lite-3.5.0-15.el8.x86_64.rpm  
protobuf-lite-debuginfo-3.5.0-15.el8.i686.rpm  
protobuf-lite-debuginfo-3.5.0-15.el8.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
protobuf-compiler-debuginfo-3.5.0-15.el8.aarch64.rpm  
protobuf-debuginfo-3.5.0-15.el8.aarch64.rpm  
protobuf-debugsource-3.5.0-15.el8.aarch64.rpm  
protobuf-devel-3.5.0-15.el8.aarch64.rpm  
protobuf-lite-debuginfo-3.5.0-15.el8.aarch64.rpm  
protobuf-lite-devel-3.5.0-15.el8.aarch64.rpm

ppc64le:  
protobuf-compiler-debuginfo-3.5.0-15.el8.ppc64le.rpm  
protobuf-debuginfo-3.5.0-15.el8.ppc64le.rpm  
protobuf-debugsource-3.5.0-15.el8.ppc64le.rpm  
protobuf-devel-3.5.0-15.el8.ppc64le.rpm  
protobuf-lite-debuginfo-3.5.0-15.el8.ppc64le.rpm  
protobuf-lite-devel-3.5.0-15.el8.ppc64le.rpm

s390x:  
protobuf-compiler-debuginfo-3.5.0-15.el8.s390x.rpm  
protobuf-debuginfo-3.5.0-15.el8.s390x.rpm  
protobuf-debugsource-3.5.0-15.el8.s390x.rpm  
protobuf-devel-3.5.0-15.el8.s390x.rpm  
protobuf-lite-debuginfo-3.5.0-15.el8.s390x.rpm  
protobuf-lite-devel-3.5.0-15.el8.s390x.rpm

x86_64:  
protobuf-compiler-debuginfo-3.5.0-15.el8.i686.rpm  
protobuf-compiler-debuginfo-3.5.0-15.el8.x86_64.rpm  
protobuf-debuginfo-3.5.0-15.el8.i686.rpm  
protobuf-debuginfo-3.5.0-15.el8.x86_64.rpm  
protobuf-debugsource-3.5.0-15.el8.i686.rpm  
protobuf-debugsource-3.5.0-15.el8.x86_64.rpm  
protobuf-devel-3.5.0-15.el8.i686.rpm  
protobuf-devel-3.5.0-15.el8.x86_64.rpm  
protobuf-lite-debuginfo-3.5.0-15.el8.i686.rpm  
protobuf-lite-debuginfo-3.5.0-15.el8.x86_64.rpm  
protobuf-lite-devel-3.5.0-15.el8.i686.rpm  
protobuf-lite-devel-3.5.0-15.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-22570  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pRw9zjgjWX9erEAQhk6Q/7BbLJbeY4aURwM0mkAjDpideSVEGIjXJ5  
mE6JH0VL1FnnN4jMF/m/3vIr12ohYWEDy2iN7S5ZtGUDkD4Swn3RVd7OJ3adtCgM  
TDxOBbFHFzmx2HQXTU3ERP1WGPVEt0Ty4W7uDpfIqV4MlnTXyXVAkLXpLqj2kXNr  
MfQm7sS1+krcuyd/yuwgWJnMSF3hDLnM9m+UojMAPPO8FB+OdyK8PM8kpqJtf3yl  
mhforY0MX0A9Wrb2yht+OzTOqjFYxQOrcO7tZ2J5oYj1audjjzya8DxkZkPHRyGg  
pUvUW/ThCkm2+Gj1qxPzNNXUnMrphFAGSIrUimtZh3Ve5PlzNojJTcsmC2CNwfLC  
/GyJfQncvfchNJ6libdvqQ0IgjpH7MAijr358j+1Pev679ssnQDrZfXxMoTFqVSv  
CaWDNdwM/8BuNmI6lU/pgP+fIzXv6O1a8M4nQwVuirRVtCI2YCXr7mu2b2kQXdqM  
Qh0vlT7EC+CVo9Ql2VROYKHxxAWCkXrK7yMsyQZicfYfrD6cO1AEt64YdsEs+CvF  
k7SWcFT2a++hOP7nVedifgGpANKd1LQ8XIWRMeAKtu3JK3R031CZb7RVz3G+hjt7  
zs5T82mToF0gT4O0Dxt7pwTDcSCL4A53zNsgahIg7fL4qxC8vDyU9p4k/l6GJrp1  
VjKmpReRZ9Q=Mm7b  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7464-01

Red Hat Security Advisory 2022-7811-01 - Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. Issues addressed include code execution and integer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: mingw-expat security update  
Advisory ID:       RHSA-2022:7811-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7811  
Issue date:        2022-11-08  
CVE Names:         CVE-2022-23990 CVE-2022-25235 CVE-2022-25236  
                   CVE-2022-25313 CVE-2022-25314 CVE-2022-25315  
====================================================================  
1. Summary:

An update for mingw-expat is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - noarch

3. Description:

Expat is a C library for parsing XML documents. The mingw-expat packages  
provide a port of the Expat library for MinGW.

The following packages have been upgraded to a later upstream version:  
mingw-expat (2.4.8). (BZ#2057023, BZ#2057037, BZ#2057127)

Security Fix(es):

* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code  
execution (CVE-2022-25235)

* expat: Namespace-separator characters in "xmlns[:prefix]" attribute  
values can lead to arbitrary code execution (CVE-2022-25236)

* expat: Integer overflow in storeRawNames() (CVE-2022-25315)

* expat: Stack exhaustion in doctype parsing (CVE-2022-25313)

* expat: Integer overflow in copyString() (CVE-2022-25314)

* expat: Integer overflow in the doProlog function (CVE-2022-23990)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2048356 - CVE-2022-23990 expat: integer overflow in the doProlog function  
2056350 - CVE-2022-25313 expat: Stack exhaustion in doctype parsing  
2056354 - CVE-2022-25314 expat: Integer overflow in copyString()  
2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()  
2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution  
2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

6. Package List:

Red Hat CodeReady Linux Builder (v. 8):

Source:  
mingw-expat-2.4.8-1.el8.src.rpm

noarch:  
mingw32-expat-2.4.8-1.el8.noarch.rpm  
mingw32-expat-debuginfo-2.4.8-1.el8.noarch.rpm  
mingw64-expat-2.4.8-1.el8.noarch.rpm  
mingw64-expat-debuginfo-2.4.8-1.el8.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-23990  
https://access.redhat.com/security/cve/CVE-2022-25235  
https://access.redhat.com/security/cve/CVE-2022-25236  
https://access.redhat.com/security/cve/CVE-2022-25313  
https://access.redhat.com/security/cve/CVE-2022-25314  
https://access.redhat.com/security/cve/CVE-2022-25315  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pSN9zjgjWX9erEAQiUug//S0FwujIXoFODWtJgEPijbfoA28JgVjcz  
lRdWl0wmXyMSlFkkBVIrOeGgxM4oLUpAwOdOPWIzb/M29xEfo4h3e8lHlwAwqklO  
lQcv663dY57lHRfbKgunlYWKTZ4+3kZbziZB/Zv58rw6bPDQ/wE96urY3/O0m1ct  
Dkk3j4zKiAnIFKWEvUHCwui7tOeUHXNAasCXifYoePimf9+lgta+pnYf86parIBg  
D3afd0S6meUnLqW6EtD0WTJPh6eztjDFEJ/9LKpXo2SL8FAYTrI9yfGQJNsHkGc4  
9NaAd3QeBKoGqcg/qBdb9FfwQqHZJGot4BtTui8/E5xnUg3F+/1PuMGxtQ4jI6X9  
ey6sWsUKCXMdlhv3TxAs/LFTR1cnkT7heEag/f58eo/W8VBow09k7cs3iktrNd+M  
4REv3cfyJ+kFAfA6N6plHb27lFP0aTMveH7FYiWpFGqPH15u3NFcPdsk8qijv4WZ  
sREJ6LgDknk80Rmla2td+l3Vo4iTCWEL7gvoY9uhzWCbuMvj1SSk5rOqVXtOEvuF  
8MpPM+xShIgGbYrFPxeMjYF16p+FxYVDcapSGrIORksAKOunAWDOHmZf+jR7iCMX  
ts3y9wxwNBObMK+Jr+ApYRohz9obamvxjlwBwXSWJ6xlsFyu5Y3e6IzSm/EJpK1i  
f25ydDFruA4=jL/2  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7811-01

Red Hat Security Advisory 2022-7822-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2022-7822-01

Red Hat Security Advisory 2022-7720-01 - The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems. Issues addressed include an out of bounds read vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: e2fsprogs security and bug fix update  
Advisory ID:       RHSA-2022:7720-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7720  
Issue date:        2022-11-08  
CVE Names:         CVE-2022-1304  
====================================================================  
1. Summary:

An update for e2fsprogs is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The e2fsprogs packages provide a number of utilities for creating,  
checking, modifying, and correcting the ext2, ext3, and ext4 file systems.

Security Fix(es):

* e2fsprogs: out-of-bounds read/write via crafted filesystem  
(CVE-2022-1304)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2069726 - CVE-2022-1304 e2fsprogs: out-of-bounds read/write via crafted filesystem  
2083621 - e2fsprogs: Update for RHEL8.7

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
e2fsprogs-1.45.6-5.el8.src.rpm

aarch64:  
e2fsprogs-1.45.6-5.el8.aarch64.rpm  
e2fsprogs-debuginfo-1.45.6-5.el8.aarch64.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.aarch64.rpm  
e2fsprogs-devel-1.45.6-5.el8.aarch64.rpm  
e2fsprogs-libs-1.45.6-5.el8.aarch64.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.aarch64.rpm  
libcom_err-1.45.6-5.el8.aarch64.rpm  
libcom_err-debuginfo-1.45.6-5.el8.aarch64.rpm  
libcom_err-devel-1.45.6-5.el8.aarch64.rpm  
libss-1.45.6-5.el8.aarch64.rpm  
libss-debuginfo-1.45.6-5.el8.aarch64.rpm

ppc64le:  
e2fsprogs-1.45.6-5.el8.ppc64le.rpm  
e2fsprogs-debuginfo-1.45.6-5.el8.ppc64le.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.ppc64le.rpm  
e2fsprogs-devel-1.45.6-5.el8.ppc64le.rpm  
e2fsprogs-libs-1.45.6-5.el8.ppc64le.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.ppc64le.rpm  
libcom_err-1.45.6-5.el8.ppc64le.rpm  
libcom_err-debuginfo-1.45.6-5.el8.ppc64le.rpm  
libcom_err-devel-1.45.6-5.el8.ppc64le.rpm  
libss-1.45.6-5.el8.ppc64le.rpm  
libss-debuginfo-1.45.6-5.el8.ppc64le.rpm

s390x:  
e2fsprogs-1.45.6-5.el8.s390x.rpm  
e2fsprogs-debuginfo-1.45.6-5.el8.s390x.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.s390x.rpm  
e2fsprogs-devel-1.45.6-5.el8.s390x.rpm  
e2fsprogs-libs-1.45.6-5.el8.s390x.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.s390x.rpm  
libcom_err-1.45.6-5.el8.s390x.rpm  
libcom_err-debuginfo-1.45.6-5.el8.s390x.rpm  
libcom_err-devel-1.45.6-5.el8.s390x.rpm  
libss-1.45.6-5.el8.s390x.rpm  
libss-debuginfo-1.45.6-5.el8.s390x.rpm

x86_64:  
e2fsprogs-1.45.6-5.el8.x86_64.rpm  
e2fsprogs-debuginfo-1.45.6-5.el8.i686.rpm  
e2fsprogs-debuginfo-1.45.6-5.el8.x86_64.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.i686.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.x86_64.rpm  
e2fsprogs-devel-1.45.6-5.el8.i686.rpm  
e2fsprogs-devel-1.45.6-5.el8.x86_64.rpm  
e2fsprogs-libs-1.45.6-5.el8.i686.rpm  
e2fsprogs-libs-1.45.6-5.el8.x86_64.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.i686.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.x86_64.rpm  
libcom_err-1.45.6-5.el8.i686.rpm  
libcom_err-1.45.6-5.el8.x86_64.rpm  
libcom_err-debuginfo-1.45.6-5.el8.i686.rpm  
libcom_err-debuginfo-1.45.6-5.el8.x86_64.rpm  
libcom_err-devel-1.45.6-5.el8.i686.rpm  
libcom_err-devel-1.45.6-5.el8.x86_64.rpm  
libss-1.45.6-5.el8.i686.rpm  
libss-1.45.6-5.el8.x86_64.rpm  
libss-debuginfo-1.45.6-5.el8.i686.rpm  
libss-debuginfo-1.45.6-5.el8.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
e2fsprogs-debuginfo-1.45.6-5.el8.aarch64.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.aarch64.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.aarch64.rpm  
libcom_err-debuginfo-1.45.6-5.el8.aarch64.rpm  
libss-debuginfo-1.45.6-5.el8.aarch64.rpm  
libss-devel-1.45.6-5.el8.aarch64.rpm

ppc64le:  
e2fsprogs-debuginfo-1.45.6-5.el8.ppc64le.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.ppc64le.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.ppc64le.rpm  
libcom_err-debuginfo-1.45.6-5.el8.ppc64le.rpm  
libss-debuginfo-1.45.6-5.el8.ppc64le.rpm  
libss-devel-1.45.6-5.el8.ppc64le.rpm

s390x:  
e2fsprogs-debuginfo-1.45.6-5.el8.s390x.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.s390x.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.s390x.rpm  
libcom_err-debuginfo-1.45.6-5.el8.s390x.rpm  
libss-debuginfo-1.45.6-5.el8.s390x.rpm  
libss-devel-1.45.6-5.el8.s390x.rpm

x86_64:  
e2fsprogs-debuginfo-1.45.6-5.el8.i686.rpm  
e2fsprogs-debuginfo-1.45.6-5.el8.x86_64.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.i686.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.x86_64.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.i686.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.x86_64.rpm  
libcom_err-debuginfo-1.45.6-5.el8.i686.rpm  
libcom_err-debuginfo-1.45.6-5.el8.x86_64.rpm  
libss-debuginfo-1.45.6-5.el8.i686.rpm  
libss-debuginfo-1.45.6-5.el8.x86_64.rpm  
libss-devel-1.45.6-5.el8.i686.rpm  
libss-devel-1.45.6-5.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1304  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pR0NzjgjWX9erEAQhITRAAnFoWBpSbcI2BzXr/x3+LnUzzJyis1MyZ  
riZGIfQBlqO0c67WDLJjSZp0BVu9o+u0yv4nlrohif2s+zntt7vrOg5TkFXkVWY3  
i2ZlcGs9u0hEwBlO6QlSB8Tkk0ky61MgLqjVetcT/y2GAmnooRYUnqs5E+b8elt8  
f9nBJRmQRciRCOYegJPiOxpq9rtKQkFxU4c0M5x42B4aDqmfd2iGuBcMZDcBHKNe  
q2mTgZ7al0VqHT+rDjKddyzyF4e/r70wiDAhYs3DDKiH0ievDtEm4edgWXcxuXrO  
p6wxrSZi5eqK4jE86QJ+DC+wzTyrY5b8JWI6DC4atJk8PfhxRhHAXPTa8LPTMvVm  
N9Vcxx3wbHqrbyAYhkXtyyIWLJNhv79KEYhGLY33blxL2Vb/GcMQs5fiYdVF1PNT  
aH1NikPBlEjcpSMdKyaVN6wWJYAAJEmGqU4bh9zisJ5czIJQWQH9/clS3i7njBZT  
ZZnRy9grj0kNdVgnCTcBkXXPT7Rp/geHGNV9FPJa3Gppj6bAdMEpJQItGebBMZ6X  
mmWDV8eqwjQkTKD/BU+x9J93WIWrEIBk21hqYofiNXjnoqL6ktiGhJaViq3b1nTq  
JmxWdlTOqd7O5kAuU7mDxSxa52cTr7Jv2PcqhMNcCxyWgR/wQiE7SG7zYVyF1FBq  
V9IPXHt4rKc=htvR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7720-01

Red Hat Security Advisory 2022-7514-01 - FriBidi is a library to handle bidirectional scripts, so that the display is done in the proper way, while the text data itself is always written in logical order. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: fribidi security update  
Advisory ID:       RHSA-2022:7514-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7514  
Issue date:        2022-11-08  
CVE Names:         CVE-2022-25308 CVE-2022-25309 CVE-2022-25310  
====================================================================  
1. Summary:

An update for fribidi is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

FriBidi is a library to handle bidirectional scripts (for example Hebrew,  
Arabic), so that the display is done in the proper way, while the text data  
itself is always written in logical order.

Security Fix(es):

* fribidi: Stack based buffer overflow (CVE-2022-25308)

* fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode  
(CVE-2022-25309)

* fribidi: SEGV in fribidi_remove_bidi_marks (CVE-2022-25310)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2047890 - CVE-2022-25308 fribidi: Stack based buffer overflow  
2047896 - CVE-2022-25309 fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode  
2047923 - CVE-2022-25310 fribidi: SEGV in fribidi_remove_bidi_marks

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
fribidi-1.0.4-9.el8.src.rpm

aarch64:  
fribidi-1.0.4-9.el8.aarch64.rpm  
fribidi-debuginfo-1.0.4-9.el8.aarch64.rpm  
fribidi-debugsource-1.0.4-9.el8.aarch64.rpm  
fribidi-devel-1.0.4-9.el8.aarch64.rpm

ppc64le:  
fribidi-1.0.4-9.el8.ppc64le.rpm  
fribidi-debuginfo-1.0.4-9.el8.ppc64le.rpm  
fribidi-debugsource-1.0.4-9.el8.ppc64le.rpm  
fribidi-devel-1.0.4-9.el8.ppc64le.rpm

s390x:  
fribidi-1.0.4-9.el8.s390x.rpm  
fribidi-debuginfo-1.0.4-9.el8.s390x.rpm  
fribidi-debugsource-1.0.4-9.el8.s390x.rpm  
fribidi-devel-1.0.4-9.el8.s390x.rpm

x86_64:  
fribidi-1.0.4-9.el8.i686.rpm  
fribidi-1.0.4-9.el8.x86_64.rpm  
fribidi-debuginfo-1.0.4-9.el8.i686.rpm  
fribidi-debuginfo-1.0.4-9.el8.x86_64.rpm  
fribidi-debugsource-1.0.4-9.el8.i686.rpm  
fribidi-debugsource-1.0.4-9.el8.x86_64.rpm  
fribidi-devel-1.0.4-9.el8.i686.rpm  
fribidi-devel-1.0.4-9.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-25308  
https://access.redhat.com/security/cve/CVE-2022-25309  
https://access.redhat.com/security/cve/CVE-2022-25310  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pSl9zjgjWX9erEAQjiCQ//c3fOFXaSK86vN6LQtZQDtRb4lY3e8LA/  
YuAXQrtQzoaXiPGgYv/NBgKdngKAAKdj+NCMZMweNor7s6O5oi6n+YhC8FI0imz+  
enbnrhsbRcOHXq9F1bD7t6mg0/91vbH+risyqJ7A5mG3LH7ZqCs2PJ7WErGCCU5A  
N/PDESAIr80F5+oW2poS++sWbUhzYht4cGSRP1haPAVKCb1r7RSk9o2HXSaYkdRQ  
EBLeuxmBW5Zb/VxWdCdWhCyz/bWjAEHkLdTjBYvSq97kZyH0OIWPhJptg5Sg3afI  
U8VQQjE80F/uMpNAZOej7TawV+JmpPrNkOTcmVw3G6BeggMGNmz8gTKZ7TbnAZxl  
XWq4VYUHHAuKZi4WQ8e9E8P8GSa1+aDSCmRk2D/UJy+TboVEmhW9hyYOvy0NZq34  
idsr81JdwHx2NxhkBpu6tNA4pONgmPUs8O117tO0+gaxw0TgkquQh760mRqyUf4i  
I+1PPEWfBFMYLGc7wyMGNZXatBTJsvUiIxgZHFf2uZivbf7s5qe6RiR0fLKc0DC3  
MFAmaeO6QinyZ0LHlPBcjySXzGQsfJfWAkrFYHCFC1luGz8dUgki9xLOu2nE21aB  
1QwsE8g4AWRPPl+afFB1/GCT5/mYuSqJx+tY+zXFNuTJWlp6a+SgR2LSYvOeZTen  
ANw5l8k4X3wsn  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7514-01

Red Hat Security Advisory 2022-7643-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include denial of service and memory leak vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: bind9.16 security update  
Advisory ID:       RHSA-2022:7643-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7643  
Issue date:        2022-11-08  
CVE Names:         CVE-2021-25220 CVE-2022-0396  
====================================================================  
1. Summary:

An update for bind9.16 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain  
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver  
library (routines for applications to use when interfacing with DNS); and  
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)

* bind: DoS from specifically crafted TCP packets (CVE-2022-0396)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2064512 - CVE-2021-25220 bind: DNS forwarders - cache poisoning vulnerability  
2064513 - CVE-2022-0396 bind: DoS from specifically crafted TCP packets  
2128601 - CVE-2022-38177 bind: memory leak in ECDSA DNSSEC verification code

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
bind9.16-9.16.23-0.9.el8.1.src.rpm

aarch64:  
bind9.16-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-chroot-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-libs-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-utils-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm

noarch:  
bind9.16-license-9.16.23-0.9.el8.1.noarch.rpm

ppc64le:  
bind9.16-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-chroot-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-libs-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-utils-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm

s390x:  
bind9.16-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-chroot-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-debuginfo-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-libs-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-utils-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.s390x.rpm

x86_64:  
bind9.16-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-chroot-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-libs-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-utils-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
bind9.16-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-devel-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-dnssec-utils-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm

noarch:  
bind9.16-doc-9.16.23-0.9.el8.1.noarch.rpm  
python3-bind9.16-9.16.23-0.9.el8.1.noarch.rpm

ppc64le:  
bind9.16-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-devel-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-dnssec-utils-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm

s390x:  
bind9.16-debuginfo-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-devel-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-dnssec-utils-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.s390x.rpm

x86_64:  
bind9.16-debuginfo-9.16.23-0.9.el8.1.i686.rpm  
bind9.16-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.i686.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-devel-9.16.23-0.9.el8.1.i686.rpm  
bind9.16-devel-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-dnssec-utils-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.i686.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-libs-9.16.23-0.9.el8.1.i686.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.i686.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.i686.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-25220  
https://access.redhat.com/security/cve/CVE-2022-0396  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pSW9zjgjWX9erEAQhIyw//SGCFyvcxj0U6yn2bbf0O2/C9simPnh9g  
11SwSlmRGAfEAcVbaczaAUd9Z74ap5lEDdUSagxBdV9HA6OWoTPRYkcikvn4JDK2  
27Kl1/yjsEEdRGpjCd3TjTBsRO/2YsQJwCzpf9iwnD5RJKlX9hty7EIwxRQR9EnY  
SVlaPmUDcXgSfcJ+6SaUahPRkzvZ0tya30oBuqNgAl6UExAiQ+hUN3K7J8by3ZQw  
ZMovwQ3CTyN0y8YJubuTswVyLcNDtQVMk8Hu6EHvdlhc0ZUgH9tXcxGakyA5uF0Q  
7IvKDnGxnVEDBUdSTZp06iX+nhM8RawWJfa95Z1V9nKkOIAA3ALFBWdC8VT+X2RJ  
+GRLIqSVu5lGteA38+G29T8NPHEXWPEzQfuf54Wy9JPWetKHk1o2iCgbLiX4D8gu  
YMylIk0m/CdfkAjDGn2msG+gnCDMLPgyTunYK0enflWGJvaTN3BmSA84/fAci36M  
f+DROFugmjD+meGmDcNxyw72/UB3dARuUJjtlHaym4DIv8O/LuSVo4XgspBLtIJT  
Kh3qDsXzKE2WvkLseynI87E/7C0aWLacDmzf2m4QiTu+4r/tesRxv0oJfcD7c1aF  
DdLGHtWtjuQqu2Yr3xG0IhJiPYdKpB8R5L2p8Lyl2CX26ppgds0m6qUAQGmbz4gX  
1ORsy/EWei0=pWJB  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux