Red Hat Security Advisory 2022-7323-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: python3.9 security update  
Advisory ID:       RHSA-2022:7323-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7323  
Issue date:        2022-11-02  
CVE Names:         CVE-2020-10735  
====================================================================  
1. Summary:

An update for python3.9 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming  
language, which includes modules, classes, exceptions, very high level  
dynamic data types and dynamic typing. Python supports interfaces to many  
system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: int() type in PyLong_FromString() does not limit amount of digits  
converting text to int leading to DoS (CVE-2020-10735)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1834423 - CVE-2020-10735 python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
python3-devel-3.9.10-3.el9_0.aarch64.rpm  
python3-tkinter-3.9.10-3.el9_0.aarch64.rpm  
python3.9-debuginfo-3.9.10-3.el9_0.aarch64.rpm  
python3.9-debugsource-3.9.10-3.el9_0.aarch64.rpm

noarch:  
python-unversioned-command-3.9.10-3.el9_0.noarch.rpm

ppc64le:  
python3-devel-3.9.10-3.el9_0.ppc64le.rpm  
python3-tkinter-3.9.10-3.el9_0.ppc64le.rpm  
python3.9-debuginfo-3.9.10-3.el9_0.ppc64le.rpm  
python3.9-debugsource-3.9.10-3.el9_0.ppc64le.rpm

s390x:  
python3-devel-3.9.10-3.el9_0.s390x.rpm  
python3-tkinter-3.9.10-3.el9_0.s390x.rpm  
python3.9-debuginfo-3.9.10-3.el9_0.s390x.rpm  
python3.9-debugsource-3.9.10-3.el9_0.s390x.rpm

x86_64:  
python3-devel-3.9.10-3.el9_0.i686.rpm  
python3-devel-3.9.10-3.el9_0.x86_64.rpm  
python3-tkinter-3.9.10-3.el9_0.x86_64.rpm  
python3.9-debuginfo-3.9.10-3.el9_0.i686.rpm  
python3.9-debuginfo-3.9.10-3.el9_0.x86_64.rpm  
python3.9-debugsource-3.9.10-3.el9_0.i686.rpm  
python3.9-debugsource-3.9.10-3.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
python3.9-3.9.10-3.el9_0.src.rpm

aarch64:  
python3-3.9.10-3.el9_0.aarch64.rpm  
python3-libs-3.9.10-3.el9_0.aarch64.rpm  
python3.9-debuginfo-3.9.10-3.el9_0.aarch64.rpm  
python3.9-debugsource-3.9.10-3.el9_0.aarch64.rpm

ppc64le:  
python3-3.9.10-3.el9_0.ppc64le.rpm  
python3-libs-3.9.10-3.el9_0.ppc64le.rpm  
python3.9-debuginfo-3.9.10-3.el9_0.ppc64le.rpm  
python3.9-debugsource-3.9.10-3.el9_0.ppc64le.rpm

s390x:  
python3-3.9.10-3.el9_0.s390x.rpm  
python3-libs-3.9.10-3.el9_0.s390x.rpm  
python3.9-debuginfo-3.9.10-3.el9_0.s390x.rpm  
python3.9-debugsource-3.9.10-3.el9_0.s390x.rpm

x86_64:  
python3-3.9.10-3.el9_0.x86_64.rpm  
python3-libs-3.9.10-3.el9_0.i686.rpm  
python3-libs-3.9.10-3.el9_0.x86_64.rpm  
python3.9-debuginfo-3.9.10-3.el9_0.i686.rpm  
python3.9-debuginfo-3.9.10-3.el9_0.x86_64.rpm  
python3.9-debugsource-3.9.10-3.el9_0.i686.rpm  
python3.9-debugsource-3.9.10-3.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
python3-debug-3.9.10-3.el9_0.aarch64.rpm  
python3-idle-3.9.10-3.el9_0.aarch64.rpm  
python3-test-3.9.10-3.el9_0.aarch64.rpm  
python3.9-debuginfo-3.9.10-3.el9_0.aarch64.rpm  
python3.9-debugsource-3.9.10-3.el9_0.aarch64.rpm

ppc64le:  
python3-debug-3.9.10-3.el9_0.ppc64le.rpm  
python3-idle-3.9.10-3.el9_0.ppc64le.rpm  
python3-test-3.9.10-3.el9_0.ppc64le.rpm  
python3.9-debuginfo-3.9.10-3.el9_0.ppc64le.rpm  
python3.9-debugsource-3.9.10-3.el9_0.ppc64le.rpm

s390x:  
python3-debug-3.9.10-3.el9_0.s390x.rpm  
python3-idle-3.9.10-3.el9_0.s390x.rpm  
python3-test-3.9.10-3.el9_0.s390x.rpm  
python3.9-debuginfo-3.9.10-3.el9_0.s390x.rpm  
python3.9-debugsource-3.9.10-3.el9_0.s390x.rpm

x86_64:  
python3-3.9.10-3.el9_0.i686.rpm  
python3-debug-3.9.10-3.el9_0.i686.rpm  
python3-debug-3.9.10-3.el9_0.x86_64.rpm  
python3-idle-3.9.10-3.el9_0.i686.rpm  
python3-idle-3.9.10-3.el9_0.x86_64.rpm  
python3-test-3.9.10-3.el9_0.i686.rpm  
python3-test-3.9.10-3.el9_0.x86_64.rpm  
python3-tkinter-3.9.10-3.el9_0.i686.rpm  
python3.9-debuginfo-3.9.10-3.el9_0.i686.rpm  
python3.9-debuginfo-3.9.10-3.el9_0.x86_64.rpm  
python3.9-debugsource-3.9.10-3.el9_0.i686.rpm  
python3.9-debugsource-3.9.10-3.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-10735  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9P9zjgjWX9erEAQhGOg//ZDzZkxTKFT+w8YfRihGVqSIfaoEvvUoG  
Kuxw9qMBw23Hgb4VK+1ShLScwsuR+g2rJakWxbMdyXlejsVeLw/ACDzc1ICz0sam  
hVmVh1CW+Uinlxr+RH9uM8o/cb4ZUwYUSBNLQap4AG+zXXHfm3T9RKJIGn+NvFEE  
Ga76o3vy3MSdso+moycH37H1VzeX0IUgjvAjuGT9iixRf1MZz9JrZj/Q5vzvfYiD  
ctx5htLG8zX/wxqdO/vkTq0IT9m4ovqB13BWz12DV+00WYdUa+Vq44Hk1qvSSQSX  
cnZ+ALtOdkkd+utqAkyCmcHA7XPf8SLfqopKuVyTyPP/KVf24wrFyrkONuGgmyWQ  
dwBJK1LHWHdH4k1fhxG27S9njh+iI6vST9Eqe2DNDSd765f+Mdj0maxrOVLQaFMf  
TFdujJShx2q+D5XA/N0Xu0LxT/WPZk7NigZkm9h8XlBHae62d4KRps683TgaAeZL  
+6tA8rtL2QOuSu0gh4ho+nkhG2O4AdzUhnTnJxocsRBqFGptYh5CiiLZ8IXPpcdt  
h0PpljsAyktlZV0RpPe3H+nwXejJWRLqBA1aq13U3R9spEhgFq368k+/SG7RWIxi  
3AgEssHPB30cWiwwquA4ODz76byxMP/CEGZbpjhK8zRmJ+VGRN17UcpY7inqICsh  
8wYYE4UodTs=LoAh  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7323-01

Red Hat Security Advisory 2022-7338-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include code execution, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2022:7338-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7338  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-2588 CVE-2022-23816 CVE-2022-23825  
                   CVE-2022-26373 CVE-2022-29900 CVE-2022-29901  
====================================================================  
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A use-after-free in cls_route filter implementation may lead to privilege  
escalation (CVE-2022-2588)

* RetBleed Arbitrary Speculative Code Execution with Return Instructions  
(CVE-2022-23816, CVE-2022-29900)

* Branch Type Confusion (non-retbleed) (CVE-2022-23825)

* Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)

* Intel: RetBleed Arbitrary Speculative Code Execution with Return  
Instructions (CVE-2022-29901)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Update to the latest RHEL7.9.z18 source tree (BZ#2117337)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2090226 - CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2103148 - CVE-2022-29901 hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2103153 - CVE-2022-23825 hw: cpu: AMD: Branch Type Confusion (non-retbleed)  
2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation  
2115065 - CVE-2022-26373 hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:  
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.src.rpm

noarch:  
kernel-rt-doc-3.10.0-1160.80.1.rt56.1225.el7.noarch.rpm

x86_64:  
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-kvm-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-kvm-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-kvm-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-kvm-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 7):

Source:  
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.src.rpm

noarch:  
kernel-rt-doc-3.10.0-1160.80.1.rt56.1225.el7.noarch.rpm

x86_64:  
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debug-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm  
kernel-rt-trace-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/cve/CVE-2022-23816  
https://access.redhat.com/security/cve/CVE-2022-23825  
https://access.redhat.com/security/cve/CVE-2022-26373  
https://access.redhat.com/security/cve/CVE-2022-29900  
https://access.redhat.com/security/cve/CVE-2022-29901  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/solutions/6971358

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9NtzjgjWX9erEAQjkRRAAm/2K718txKtGuCBa6NclLP2TpOKlk8dw  
R3eORyTgVZTrl6Qm6RQSA50kcqMFn6/6hzUto5NRvuSgw4H7I2hg/CS+TQlPdFi4  
0WcZiZ0vbu7csrsAtAKpmWOpu1O1FzNdqSF5MA7s7zZ0oht9ZnszT+exzcjHbgpO  
qVMRhgaKmbdlKkKi/32gZP7IwKIZS+CkhqpHhFy7V736FtNyWFT0VNCHdKCklkdP  
K6gAClFQuMv8npxovTURJfhLjqv6ymcRVrl6KQT3Qlu+iHiy0j18CA3ewW0TdAkO  
IzDOEh+W9gfTR4bgrrUl5+A5oZkkazYqm6joGJBI7uZHv9v3yoOLzP4HAduSVFBC  
AgBo9yhGnP6xXzunT5nYVs0EpnCpHFaJhlxsavm/pKjS+c35enuawyN2l24kACnE  
Kdv3KZ6XQtBTdaR9e/UTqCCiSXznEcJJ0xE4VfKFNtngXrWGftAIcTBMDQpfePP7  
rfBo/C9IT8rKqt1T62M0Xu+NfjoeziKrpPoXi86rn90bw93Mdl0rrmAhTISeL92K  
M5m5DIyPD9HQuX4/3NKWXJDEKgPao+JFouEAlm86YMfFzjxzBE8GXTnvp2xw5vf1  
BJkFxtUe74jR8YqJYO7KxyOS9K9Z7BeqEcvSRwNdBAY6TgcDa5lB347Kcgl1WvDf  
SmJAIcuqXRk=WLhk  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7338-01

Red Hat Security Advisory 2022-7329-01 - The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: lua security update  
Advisory ID:       RHSA-2022:7329-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7329  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-33099  
====================================================================  
1. Summary:

An update for lua is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The lua packages provide support for Lua, a powerful light-weight  
programming language designed for extending applications. Lua is also  
frequently used as a general-purpose, stand-alone language.

Security Fix(es):

* lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to  
uncontrolled recursion in error handling (CVE-2022-33099)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2104427 - CVE-2022-33099 lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
lua-5.4.2-4.el9_0.3.aarch64.rpm  
lua-debuginfo-5.4.2-4.el9_0.3.aarch64.rpm  
lua-debugsource-5.4.2-4.el9_0.3.aarch64.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.aarch64.rpm

ppc64le:  
lua-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-debuginfo-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-debugsource-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.ppc64le.rpm

s390x:  
lua-5.4.2-4.el9_0.3.s390x.rpm  
lua-debuginfo-5.4.2-4.el9_0.3.s390x.rpm  
lua-debugsource-5.4.2-4.el9_0.3.s390x.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.s390x.rpm

x86_64:  
lua-5.4.2-4.el9_0.3.x86_64.rpm  
lua-debuginfo-5.4.2-4.el9_0.3.x86_64.rpm  
lua-debugsource-5.4.2-4.el9_0.3.x86_64.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
lua-5.4.2-4.el9_0.3.src.rpm

aarch64:  
lua-debuginfo-5.4.2-4.el9_0.3.aarch64.rpm  
lua-debugsource-5.4.2-4.el9_0.3.aarch64.rpm  
lua-libs-5.4.2-4.el9_0.3.aarch64.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.aarch64.rpm

ppc64le:  
lua-debuginfo-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-debugsource-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-libs-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.ppc64le.rpm

s390x:  
lua-debuginfo-5.4.2-4.el9_0.3.s390x.rpm  
lua-debugsource-5.4.2-4.el9_0.3.s390x.rpm  
lua-libs-5.4.2-4.el9_0.3.s390x.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.s390x.rpm

x86_64:  
lua-debuginfo-5.4.2-4.el9_0.3.i686.rpm  
lua-debuginfo-5.4.2-4.el9_0.3.x86_64.rpm  
lua-debugsource-5.4.2-4.el9_0.3.i686.rpm  
lua-debugsource-5.4.2-4.el9_0.3.x86_64.rpm  
lua-libs-5.4.2-4.el9_0.3.i686.rpm  
lua-libs-5.4.2-4.el9_0.3.x86_64.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.i686.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
lua-debuginfo-5.4.2-4.el9_0.3.aarch64.rpm  
lua-debugsource-5.4.2-4.el9_0.3.aarch64.rpm  
lua-devel-5.4.2-4.el9_0.3.aarch64.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.aarch64.rpm

ppc64le:  
lua-debuginfo-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-debugsource-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-devel-5.4.2-4.el9_0.3.ppc64le.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.ppc64le.rpm

s390x:  
lua-debuginfo-5.4.2-4.el9_0.3.s390x.rpm  
lua-debugsource-5.4.2-4.el9_0.3.s390x.rpm  
lua-devel-5.4.2-4.el9_0.3.s390x.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.s390x.rpm

x86_64:  
lua-5.4.2-4.el9_0.3.i686.rpm  
lua-debuginfo-5.4.2-4.el9_0.3.i686.rpm  
lua-debuginfo-5.4.2-4.el9_0.3.x86_64.rpm  
lua-debugsource-5.4.2-4.el9_0.3.i686.rpm  
lua-debugsource-5.4.2-4.el9_0.3.x86_64.rpm  
lua-devel-5.4.2-4.el9_0.3.i686.rpm  
lua-devel-5.4.2-4.el9_0.3.x86_64.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.i686.rpm  
lua-libs-debuginfo-5.4.2-4.el9_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-33099  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9JdzjgjWX9erEAQheTg//aflei8nmLalr43qUBKZqkDaEPMrvlVQr  
H2425hQv6zIUUNsk+3N+BqJUMMLziVIkBv5o71NFMh16JMqXGrzeNrwPAGVyIt6N  
8AX7vTuOIeJ8fF5RcdOUWHQxodQUMFkrvJjLcVUVHEXfdOllJrep+/l00DmDstBJ  
OumrhkgvBKFHx8krDIl765PO5p0Z5Cfz6rLnfVLMcW9KAkLRlEdGPo3xcIsHAhLV  
xYB/UHuNFo45yArnAX2oBdveS7PB+xzTn/B4I3Bxdjd+fZAzVl2WDlHNwPHPeFHV  
5CYwW5Mfvrm1PcV4pR+RUb7I89o6EZgM70iyhMcK5HcllEPuYcfZXjeQVHadc+aM  
wbY1yTbpY2fUWAKSKs+kM37lUAF/sxBkQAL2CjzquHMwLDa+0RDqjnrVI2t4k6JY  
OMfOC379Y3F23KpH5bYGwrJs3X/0cFkXoye0nnkYTls7/sJ4Uyxy/BdSyzydPwJo  
wVnVmuxV4BwNQ9vGZC+JuGXM/G1Hee3gnU9Cb60+RhPWPCWBwKSnKpULt1jbt4xO  
n7ZfV6W5YNXcqU1DzQU0e644sLpTHeetgy/QIZfMcTEJl5dNKoFf/mj9SpSCILFa  
yn3eu2mp/KSEZ+CXtV0jNwYI6wfsVaWDbi34KK20AAbLI/mSHUV0Pcl7++4IP6V0  
NRgW2g5QG04=WQH9  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7329-01

Red Hat Security Advisory 2022-7343-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include code execution and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pcs security update  
Advisory ID:       RHSA-2022:7343-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7343  
Issue date:        2022-11-02  
CVE Names:         CVE-2019-11358 CVE-2022-30123  
====================================================================  
1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server High Availability (v. 7) - ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Resilient Storage (v. 7) - ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the  
Pacemaker and Corosync utilities.

Security Fix(es):

* rubygem-rack: crafted requests can cause shell escape sequences  
(CVE-2022-30123)

* jquery: Prototype pollution in object's prototype leading to denial of  
service, remote code execution, or property injection (CVE-2019-11358)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection  
2099524 - CVE-2022-30123 rubygem-rack: crafted requests can cause shell escape sequences

6. Package List:

Red Hat Enterprise Linux Server High Availability (v. 7):

Source:  
pcs-0.9.169-3.el7_9.3.src.rpm

ppc64le:  
pcs-0.9.169-3.el7_9.3.ppc64le.rpm  
pcs-debuginfo-0.9.169-3.el7_9.3.ppc64le.rpm  
pcs-snmp-0.9.169-3.el7_9.3.ppc64le.rpm

s390x:  
pcs-0.9.169-3.el7_9.3.s390x.rpm  
pcs-debuginfo-0.9.169-3.el7_9.3.s390x.rpm  
pcs-snmp-0.9.169-3.el7_9.3.s390x.rpm

x86_64:  
pcs-0.9.169-3.el7_9.3.x86_64.rpm  
pcs-debuginfo-0.9.169-3.el7_9.3.x86_64.rpm  
pcs-snmp-0.9.169-3.el7_9.3.x86_64.rpm

Red Hat Enterprise Linux Server Resilient Storage (v. 7):

Source:  
pcs-0.9.169-3.el7_9.3.src.rpm

ppc64le:  
pcs-0.9.169-3.el7_9.3.ppc64le.rpm  
pcs-debuginfo-0.9.169-3.el7_9.3.ppc64le.rpm  
pcs-snmp-0.9.169-3.el7_9.3.ppc64le.rpm

s390x:  
pcs-0.9.169-3.el7_9.3.s390x.rpm  
pcs-debuginfo-0.9.169-3.el7_9.3.s390x.rpm  
pcs-snmp-0.9.169-3.el7_9.3.s390x.rpm

x86_64:  
pcs-0.9.169-3.el7_9.3.x86_64.rpm  
pcs-debuginfo-0.9.169-3.el7_9.3.x86_64.rpm  
pcs-snmp-0.9.169-3.el7_9.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-11358  
https://access.redhat.com/security/cve/CVE-2022-30123  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9MNzjgjWX9erEAQidcA/8CUbH4WDxWDMMNSSKsc1vptCYXSg3/P52  
LArMtnekhn6ZEle0RsB+d7WuHFnA9uQNSKo0pV8ppegAUQqBnfdJlltk43BGjbA2  
mGVa2/DCJn80WcWw17vzNO3T/1HM9hbIo0APahsfafuQVGXTHkjBKLM8tpL+ie3G  
2aAKrDpziMf1/gTg/YxS4jm7pqjIFXJAOVdDZ0jNit9wnzkFJ5JVrAY1GV9+Ckwk  
uAFomsDExOuGR6ZWE1LDona68EaLgamT9F5O1+z5Z7TejbG2ZkEEAAlFmi5Z7tS/  
EuVvR9BjCU8+gvV700HiguD1Ip2hPGVObKjPSFIwSvNf2siuL64/AZs3yaYOTvhf  
u5IHHJPXjCO7FeGSWY0/IH5nohb4Dtz2TK+cUg9ItbDg0k0FwMx/UfZsNwVl7asn  
kfUwf4os/ZuFGn5CcnyqN6wo/sc/0VfNCZ2ldFz0yhaLaJPIWCso1sTxww+ZLlgV  
XQAirYvcug3IdyK5wusZytMPwjghGICgMidxXUttk8cv0jAC1yFM4x1B/BLqjhWS  
uKCh7zDJB2GcBH0M4THybXYG5OwHk2QfoqW103O8ELoaZsBJg6OAYzqHXvCjivsa  
tmt7XbY9xymrVb6JOrXiTqhDGBayqxuc+OzhnzXMHwrfrZMCO78u25zb+te9EzOy  
vveGvf6xVl4=RMfQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7343-01

Red Hat Security Advisory 2022-7318-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:7318-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7318  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-2585 CVE-2022-30594  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* posix cpu timer use-after-free may lead to local privilege escalation  
(CVE-2022-2585)

* Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP  
option (CVE-2022-30594)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel crash after reboot of T14/G2 AMD laptop (mt7921e module)  
(BZ#2095653)

* execve exit tracepoint not called (BZ#2106661)

* Matrox black screen on VGA output on some systems. (BZ#2112017)

* The kernel needs to offer a way to reseed the Crypto DRBG and atomically  
extract random numbers from it (BZ#2121129)

* watchdog BUG: soft lockup - CPU#30 stuck for 34s! [swapper/30:0]  
(BZ#2127857)

* Update cifs to 5.16 (BZ#2127858)

* Bad page state in process qemu-kvm  pfn:68a74600 (BZ#2127859)

* vfio zero page mappings fail after 2M instances (BZ#2128791)

* The kernel needs to offer a way to reseed the Crypto DRBG and atomically  
extract random numbers from it (part 2) (BZ#2128970)

Enhancement(s):

* Need to enable hpilo to support new HPE RL300 Gen11 for ARM (aarch64)  
(BZ#2129453)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2085300 - CVE-2022-30594 kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option  
2114874 - CVE-2022-2585 kernel: posix cpu timer use-after-free may lead to local privilege escalation

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-devel-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-devel-matched-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-devel-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-devel-matched-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-headers-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
perf-5.14.0-70.30.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm

noarch:  
kernel-doc-5.14.0-70.30.1.el9_0.noarch.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-devel-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-devel-matched-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-devel-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-devel-matched-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-headers-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
perf-5.14.0-70.30.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-devel-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-devel-matched-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-devel-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-devel-matched-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-headers-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-matched-5.14.0-70.30.1.el9_0.s390x.rpm  
perf-5.14.0-70.30.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-devel-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-devel-matched-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-devel-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-devel-matched-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-headers-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
perf-5.14.0-70.30.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
kernel-5.14.0-70.30.1.el9_0.src.rpm

aarch64:  
bpftool-5.14.0-70.30.1.el9_0.aarch64.rpm  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-core-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-core-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-modules-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-modules-extra-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-modules-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-modules-extra-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-tools-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-tools-libs-5.14.0-70.30.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
python3-perf-5.14.0-70.30.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm

noarch:  
kernel-abi-stablelists-5.14.0-70.30.1.el9_0.noarch.rpm

ppc64le:  
bpftool-5.14.0-70.30.1.el9_0.ppc64le.rpm  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-core-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-core-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-modules-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-modules-extra-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-modules-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-modules-extra-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-tools-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-tools-libs-5.14.0-70.30.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
python3-perf-5.14.0-70.30.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm

s390x:  
bpftool-5.14.0-70.30.1.el9_0.s390x.rpm  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-core-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-core-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-modules-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-modules-extra-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-modules-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-modules-extra-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-tools-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-core-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-extra-5.14.0-70.30.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
python3-perf-5.14.0-70.30.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm

x86_64:  
bpftool-5.14.0-70.30.1.el9_0.x86_64.rpm  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-core-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-core-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-modules-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-modules-extra-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-modules-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-modules-extra-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-tools-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-tools-libs-5.14.0-70.30.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
python3-perf-5.14.0-70.30.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-cross-headers-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
kernel-tools-libs-devel-5.14.0-70.30.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-cross-headers-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
kernel-tools-libs-devel-5.14.0-70.30.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-cross-headers-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-cross-headers-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
kernel-tools-libs-devel-5.14.0-70.30.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2585  
https://access.redhat.com/security/cve/CVE-2022-30594  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9RtzjgjWX9erEAQg5dw//ZFjS/ugn0S2QF94xP3PXnxhZgdfOXqrV  
DLv2UvywBFzf8GTz/0Lkf7zl9SQ7QF+ZPf2MHIYLPxqswTOt9XXJKrhcbh5E+zAt  
M3FIGkNoPBKxPalPp9lwjSQUU5fpYMSnOkvJIGx8LasUz7NlRuwQrK7k7Qb0tDqc  
AjXAnvz2bE3G9P1bPbkoYzBYk4J4WYGS8w3GRFzhmqqn32Uex6rF+sH5+YqxYt0P  
24FTJDa6ggybzCbYfFNxEmbySP2s/feTAejA0P/AADxKjURj2GCeTzYZBAiAh07Q  
Ui0wOly0VoFCE1dDiRP0A821mve6WK9OJtVdQGnOwf/XiOxxpZQKDNap8AHXGLiz  
F9uq7eC6u/ISHosgs5z/cyFW/CshAYQjrEbl3LZ9LGFnbV5ZFU6eOxTUhyNp/x0Z  
Re9aD/xEJdA/W4YDd4a6Pb7SzEY8N5N/uhFn8MpEmDEcTp6ydxVnFBiHAEhW7bO7  
5jeneVnc8qQTetNkSvF5EswMISmy9grZMWX+7wx5YLPRKYSWHv5Y7ZcPan8G3QfP  
Atiin4WjSDztlDaHR+y69da2T+aGGHIzXu0if/hlanncWI4YT2i7N99ViTqJJStf  
Xp+r1Jp2xhZYRfrCa5YCn4M8nxyrlaMfQE0IdzTpj8L0A2LTflFAEMC1CedxzWc0  
nXkBWQ86WbA=KfTC  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7318-01

Red Hat Security Advisory 2022-7330-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2022:7330-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7330  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-2585  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 9) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* posix cpu timer use-after-free may lead to local privilege escalation  
(CVE-2022-2585)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2114874 - CVE-2022-2585 kernel: posix cpu timer use-after-free may lead to local privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
kpatch-patch-5_14_0-70_13_1-1-4.el9_0.src.rpm  
kpatch-patch-5_14_0-70_17_1-1-3.el9_0.src.rpm  
kpatch-patch-5_14_0-70_22_1-1-3.el9_0.src.rpm  
kpatch-patch-5_14_0-70_26_1-1-2.el9_0.src.rpm

ppc64le:  
kpatch-patch-5_14_0-70_13_1-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_13_1-debuginfo-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_13_1-debugsource-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_17_1-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_17_1-debuginfo-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_17_1-debugsource-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_22_1-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_22_1-debuginfo-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_22_1-debugsource-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_26_1-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_26_1-debuginfo-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_26_1-debugsource-1-2.el9_0.ppc64le.rpm

x86_64:  
kpatch-patch-5_14_0-70_13_1-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_13_1-debuginfo-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_13_1-debugsource-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_17_1-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_17_1-debuginfo-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_17_1-debugsource-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_22_1-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_22_1-debuginfo-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_22_1-debugsource-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_26_1-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_26_1-debuginfo-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_26_1-debugsource-1-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9OdzjgjWX9erEAQhHwBAAmFCYqZgU3Cuh3eHw9KxVa9qYDFUDrZDt  
rFO4fWiEhsvuSzTL+4WxHZsHQaW8AbLjWBkCqzPXf/LT64lNs6HRc8Jmhg3i892W  
XVXSDN/EbXBqYkwPJBdI6JqK2S4WQPt1wkGOnMILeIczgoXiBuOrCQGHWkb0LwXN  
Ca1Q5H9pxZyE5/1YzZ6XbTL33NleV+Lc1Lhx0hmeJSSPCJ/YnMOHj9TRz5pxNc+b  
0NXwp8tIvI88PYKVOF84yDFjEAOCp3hNPrngrZpEyVnisqjXh14J451itUvdytb8  
IhEMa7LCgkpvTqUb87zhUq8jvVNJZcpDiCy+UmNZcYVZKJ9p7jmGXb9ExjQMgxum  
gVAvcPHEeE933vLMIhETzmhbs50MA5Drq3+1FyBXoyuPSOCWS0DtcZoQzl4ruQjd  
Dv1g8cliXciv2g7/31kdAJ4DFQVOBhqUW/axjHrQ8dtiXHqJEUExkpIc0Wg7woMn  
abjnlYFGOBAA4Q3zed9034TpbbqDEn7/ZKkPDurPd2DtiT8hTWjqs9Fss56VDmy+  
rMV+hD1FTLst3P3Ky8KcshPVmfX6mU+7SvmZgTY2alS6jmU576Fo+EDeu3/HQsxW  
6idF/qK0CgxKpH10heDmL+G/CV8oAk7Le+ShQMMqw4wTkx/N+ocDffimuv1hLYZr  
yvAqmRXF+CE=Ugtn  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7330-01

Debian Linux Security Advisory 5269-1 - Nicky Mouha discovered a buffer overflow in the sha3 module of PyPy, a fast, compliant alternative implementation of the Python language.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5269-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 02, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : pypy3CVE ID         : CVE-2022-37454Nicky Mouha discovered a buffer overflow in the sha3 module of PyPy, afast, compliant alternative implementation of the Python language.For the stable distribution (bullseye), this problem has been fixed inversion 7.3.5+dfsg-2+deb11u2.We recommend that you upgrade your pypy3 packages.For the detailed security status of pypy3 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/pypy3Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNivD4ACgkQEMKTtsN8TjYcfxAAhkg2+/s7yTHve08CkBReV5cZ+z3cJSCCm53l4CHbpiNcza7IPzi0/GMjEupYEF+Mozvtm2puVgnWRkckuF5Nss3+yZYpHpPug4AHbEQy7GD7OdqVkV6aih0oAgIfd2jeaxzUAEEQ/7Mr+wInMknxDGmW5giFo2vUvR5dESRcfuImyaiJBlT6KUZY5ocMpp/JNcomfI61vJnzpqcnP8MMSLfzQuyyJoWXlUonJJCKw881Em2buRDRIZJJr3Gl5uF4vXUsJEWQqLMvpqJfCwjI+h6gmkZexv8fklU+xF5NFbf8Hlo2mOJq7mZVX6xplm0AhgsaqtM/dm1U4jHFflLvJ6LYTRTP3XqsuysSMhmURE6n7wUZBF/BvCqn747nS3yKFKyWXcP2AuEwZy1awo2xWigk5QJLIpcMcYP1MxLrMYZE2F59xXTctPLdwxZjdT1PZIUmxHVw3+kGDkGB/4EB9DGTYP925Acj+pwnrgBgwisQs0o2vKkKhYMZ3xvUf0BMszbVmNMBHE0YFPtAD/H8ALdxOTFwMtihQzBKvwmiBohn1lLRr00rNpaiYxJVOPxPFQUhI/RrB2m1BD0aAWSPNGZu8THbYyxA+1Sur3DMMRrihDLGfcZj2RzKGMEkUffW5oj9ZQeqhele6vfqHfvWRnhjc8rVkhRlyFCYLsHtnM4=2m5H-----END PGP SIGNATURE-----

Debian Security Advisory 5269-1

Red Hat Security Advisory 2022-7319-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2022:7319-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7319  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-2585 CVE-2022-30594  
====================================================================  
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 9) - x86_64  
Red Hat Enterprise Linux Real Time for NFV (v. 9) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* posix cpu timer use-after-free may lead to local privilege escalation  
(CVE-2022-2585)

* Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP  
option (CVE-2022-30594)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Update RT source tree to the latest RHEL-9.0.z4 Batch (BZ#2123498)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2085300 - CVE-2022-30594 kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option  
2114874 - CVE-2022-2585 kernel: posix cpu timer use-after-free may lead to local privilege escalation

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 9):

Source:  
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-kvm-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-kvm-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm

Red Hat Enterprise Linux Real Time (v. 9):

Source:  
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2585  
https://access.redhat.com/security/cve/CVE-2022-30594  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9QtzjgjWX9erEAQiFLQ/+K6viC4XHwAj5lozXPGUlcQGQbeWWMB7q  
0IMXwfGG+V8e4hRGQkqzBy2xZ5utcryPOCEbtygSbcZVHzyTvZbVU0yxJiH1fKLO  
+YfjYCoiu19G/KRkhOUEOB/23yJE9iKAL78pobh4GRCZ5/dp2tQDgRT7Nh72RXQT  
G/QkCNxQ5KMFtcsVNg4yN8BR5XS2vT83UrQ/B0PK4hcTIGlNw8OD2m6269HvSU4O  
fsVnF/igjUeLCcjCp/bHlT7+mJaTDSOro5EiMtEi2Q12etYIMnFIWBa8C8SzrjQc  
Mtn6Olon8s6uZt7KHan1zjJX6bGCKmnJZULW1IPnpDMWIRHBccOiM7vb9hrQVqCT  
QBWzf9hEOxc6ZzAwEO0mmFC6qrnBQUClZRF1/crDswTcp64RhBBgQZ0LlQvs1M1K  
L8wnuPCL4gY50B9nH2CX2sg8OffX9T8jNakSSbZCLduFvp0r7m2oQOK9vF5lMfQX  
3B9vvq628DDVzveiw/LRxXtrFHAOM/SlYhz8iTp+L9JMQiwIl8c6SRMkXEqvLvLH  
C2iizwJircxlyXO6Jnd36yiy2Acbr24gPP2cycCYvlAWEegTcUAHEAiYVRmNiEzO  
csQhdzfQvGAawuiNSxuoNY608XWFdgBLGnXMjWKEZaxZiZi7W38ptsTgSn6LnEms  
fL5bpq4kKqk=cpHx  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7319-01

Red Hat Security Advisory 2022-7344-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2022:7344-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7344  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-2588  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* a use-after-free in cls_route filter implementation may lead to privilege  
escalation (CVE-2022-2588)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux Server (v. 7):

Source:  
kpatch-patch-3_10_0-1160_62_1-1-3.el7.src.rpm  
kpatch-patch-3_10_0-1160_66_1-1-2.el7.src.rpm  
kpatch-patch-3_10_0-1160_71_1-1-1.el7.src.rpm  
kpatch-patch-3_10_0-1160_76_1-1-1.el7.src.rpm

ppc64le:  
kpatch-patch-3_10_0-1160_62_1-1-3.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1160_62_1-debuginfo-1-3.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1160_66_1-1-2.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1160_66_1-debuginfo-1-2.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1160_71_1-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1160_71_1-debuginfo-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1160_76_1-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1160_76_1-debuginfo-1-1.el7.ppc64le.rpm

x86_64:  
kpatch-patch-3_10_0-1160_62_1-1-3.el7.x86_64.rpm  
kpatch-patch-3_10_0-1160_62_1-debuginfo-1-3.el7.x86_64.rpm  
kpatch-patch-3_10_0-1160_66_1-1-2.el7.x86_64.rpm  
kpatch-patch-3_10_0-1160_66_1-debuginfo-1-2.el7.x86_64.rpm  
kpatch-patch-3_10_0-1160_71_1-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-1160_71_1-debuginfo-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-1160_76_1-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-1160_76_1-debuginfo-1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9LNzjgjWX9erEAQhsnA//UwMUCdN9W7+utXqcMS6RGN73XG9tWWwq  
IWdXzGq+LnE+qllL5QeY33PKcAFZSOGLrRT/g1uy2C4K+ib4Y2gJ9Xd4FPfnnmgU  
wCQMNCy8aPPPnDcomwfiAYNhVdH/RLwQniiYpcd4NcD+8Xrwn4X9QZIitT4o7ihZ  
oD1DQLlHylRKiyf1R3QtnkJcdDgkMf2Lfs4pldhjqXkVS2TaK583dG9kXX2SAvWC  
a//aLchmWTL9gECnVEbDE7gSLclR9hNoaMWIKXoHvnathc65nStoeU7YxFB55xrq  
9SU1tHNY2NWUsblsOVGbyUdxsE8UoEXnwBVwwUh60us/XHpcbQD3yIAKBAYuxr21  
FDAKG3QZ+ucju71h7W2mOL9LWd5aFF8tsp7yHoyc2SFI7bDLRPNZSgRMAqhqPohN  
1CIAAUrO2ep+o9/KjQhgOpJS8VZLRLxNFA5xCcQq6g1QWFYXA3waDYxxpDTGLVDz  
mSwiZtUFec1ReepALgo5B5vxpGSRvWWKiS1jh8cnNynwm+u0veF15f9di+jI1B8J  
B8giDVmK/jb1Tp/SqpK1NwFVBnL6WJ56VKAKQ8tEfPtmc6PbIAmOFCO60YEX4Mpo  
i8+sBeSnYiCzoDckA07DAldePiRO6nU6Xph0V16//T1WUMyfTYeQh5HQ1hiDiVHe  
6T8/N5WxKa8=8+4B  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7344-01

Red Hat Security Advisory 2022-7314-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Issues addressed include buffer over-read and buffer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: zlib security update  
Advisory ID:       RHSA-2022:7314-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7314  
Issue date:        2022-11-02  
CVE Names:         CVE-2022-37434  
====================================================================  
1. Summary:

An update for zlib is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The zlib packages provide a general-purpose lossless data compression  
library that is used by many different programs.

Security Fix(es):

* zlib: a heap-based buffer over-read or buffer overflow in inflate in  
inflate.c via a large gzip header extra field (CVE-2022-37434)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
minizip-compat-debuginfo-1.2.11-32.el9_0.aarch64.rpm  
zlib-debuginfo-1.2.11-32.el9_0.aarch64.rpm  
zlib-debugsource-1.2.11-32.el9_0.aarch64.rpm  
zlib-devel-1.2.11-32.el9_0.aarch64.rpm

ppc64le:  
minizip-compat-debuginfo-1.2.11-32.el9_0.ppc64le.rpm  
zlib-debuginfo-1.2.11-32.el9_0.ppc64le.rpm  
zlib-debugsource-1.2.11-32.el9_0.ppc64le.rpm  
zlib-devel-1.2.11-32.el9_0.ppc64le.rpm

s390x:  
minizip-compat-debuginfo-1.2.11-32.el9_0.s390x.rpm  
zlib-debuginfo-1.2.11-32.el9_0.s390x.rpm  
zlib-debugsource-1.2.11-32.el9_0.s390x.rpm  
zlib-devel-1.2.11-32.el9_0.s390x.rpm

x86_64:  
minizip-compat-debuginfo-1.2.11-32.el9_0.i686.rpm  
minizip-compat-debuginfo-1.2.11-32.el9_0.x86_64.rpm  
zlib-debuginfo-1.2.11-32.el9_0.i686.rpm  
zlib-debuginfo-1.2.11-32.el9_0.x86_64.rpm  
zlib-debugsource-1.2.11-32.el9_0.i686.rpm  
zlib-debugsource-1.2.11-32.el9_0.x86_64.rpm  
zlib-devel-1.2.11-32.el9_0.i686.rpm  
zlib-devel-1.2.11-32.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
zlib-1.2.11-32.el9_0.src.rpm

aarch64:  
minizip-compat-debuginfo-1.2.11-32.el9_0.aarch64.rpm  
zlib-1.2.11-32.el9_0.aarch64.rpm  
zlib-debuginfo-1.2.11-32.el9_0.aarch64.rpm  
zlib-debugsource-1.2.11-32.el9_0.aarch64.rpm

ppc64le:  
minizip-compat-debuginfo-1.2.11-32.el9_0.ppc64le.rpm  
zlib-1.2.11-32.el9_0.ppc64le.rpm  
zlib-debuginfo-1.2.11-32.el9_0.ppc64le.rpm  
zlib-debugsource-1.2.11-32.el9_0.ppc64le.rpm

s390x:  
minizip-compat-debuginfo-1.2.11-32.el9_0.s390x.rpm  
zlib-1.2.11-32.el9_0.s390x.rpm  
zlib-debuginfo-1.2.11-32.el9_0.s390x.rpm  
zlib-debugsource-1.2.11-32.el9_0.s390x.rpm

x86_64:  
minizip-compat-debuginfo-1.2.11-32.el9_0.i686.rpm  
minizip-compat-debuginfo-1.2.11-32.el9_0.x86_64.rpm  
zlib-1.2.11-32.el9_0.i686.rpm  
zlib-1.2.11-32.el9_0.x86_64.rpm  
zlib-debuginfo-1.2.11-32.el9_0.i686.rpm  
zlib-debuginfo-1.2.11-32.el9_0.x86_64.rpm  
zlib-debugsource-1.2.11-32.el9_0.i686.rpm  
zlib-debugsource-1.2.11-32.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
minizip-compat-debuginfo-1.2.11-32.el9_0.aarch64.rpm  
zlib-debuginfo-1.2.11-32.el9_0.aarch64.rpm  
zlib-debugsource-1.2.11-32.el9_0.aarch64.rpm  
zlib-static-1.2.11-32.el9_0.aarch64.rpm

ppc64le:  
minizip-compat-debuginfo-1.2.11-32.el9_0.ppc64le.rpm  
zlib-debuginfo-1.2.11-32.el9_0.ppc64le.rpm  
zlib-debugsource-1.2.11-32.el9_0.ppc64le.rpm  
zlib-static-1.2.11-32.el9_0.ppc64le.rpm

s390x:  
minizip-compat-debuginfo-1.2.11-32.el9_0.s390x.rpm  
zlib-debuginfo-1.2.11-32.el9_0.s390x.rpm  
zlib-debugsource-1.2.11-32.el9_0.s390x.rpm  
zlib-static-1.2.11-32.el9_0.s390x.rpm

x86_64:  
minizip-compat-debuginfo-1.2.11-32.el9_0.i686.rpm  
minizip-compat-debuginfo-1.2.11-32.el9_0.x86_64.rpm  
zlib-debuginfo-1.2.11-32.el9_0.i686.rpm  
zlib-debuginfo-1.2.11-32.el9_0.x86_64.rpm  
zlib-debugsource-1.2.11-32.el9_0.i686.rpm  
zlib-debugsource-1.2.11-32.el9_0.x86_64.rpm  
zlib-static-1.2.11-32.el9_0.i686.rpm  
zlib-static-1.2.11-32.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-37434  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2K9ItzjgjWX9erEAQiHfxAAlO5bDXesPL2aHyX6C15K0NCSqYYSugpc  
jh5XWHtBDSf0tFLDI7D0ru2cDe98WRoQ0MJNZA2HNwCx1tznW6jJX4cnYHlnCeC4  
/thKFW1MfXV/n40Fu7Boq8BmrLCHixTwe/pGuz19YYIJeKexdDmN5mf5tYp01BXW  
uDwCfC0VgwU0zFcG4TXvHZdI+CDTFr/azkC/aXpFCVyTMZAw5ZiTRgu1WL/UKyrU  
prhsHcxXoICqJbJYu5gql3QGaXwGXYP/N7RMlfaSI60FL6trDE5+1f7eJTugsxwv  
jyaarOy7AWlno/lEMrffQ7/9k9xUpowt8Qt0LDjuTP3tPlGULkyb1DYQOUkttniD  
b4X4k/DY5PBwZTOeGsPBbFcvliwcwgMVqmGfZHZcsRc7VSsGzrGsyowVxvxJqasP  
VPjOMOKeQVEf3Kpl0Nvfd5D2k24NlqgXpiLpSevwkJTi6c7VWUPrGGCTmL5XUy8T  
4ISiB+bDwlmI5LxhqOyVdHLeVnNaeR6wxEfQ855CDCXMAeElHodi+KxGvqrWceVQ  
pEinvfduBT1Y8HO8ztDWYJ6KM1r/9JOTiACpMoKGw5KqSQnSrPwCuoZIwlXK6fiE  
C26HKcnaq3GK0IDkT+LaVUtl4k8Ja8V4Rv0OMwU1JgbwTUTI/iQweKDAldn8/cbA  
NVQfk+Oscic=3u2M  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux