Red Hat Security Advisory 2022-7209-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: libksba security update  
Advisory ID:       RHSA-2022:7209-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7209  
Issue date:        2022-10-26  
CVE Names:         CVE-2022-3515  
====================================================================  
1. Summary:

An update for libksba is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

KSBA (pronounced Kasbah) is a library to make X.509 certificates as well as  
the CMS easily accessible by other applications.  Both specifications are  
building blocks of S/MIME and TLS.

Security Fix(es):

* libksba: integer overflow may lead to remote code execution  
(CVE-2022-3515)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2135610 - CVE-2022-3515 libksba: integer overflow may lead to remote code execution

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
libksba-1.3.5-8.el8_1.src.rpm

aarch64:  
libksba-1.3.5-8.el8_1.aarch64.rpm  
libksba-debuginfo-1.3.5-8.el8_1.aarch64.rpm  
libksba-debugsource-1.3.5-8.el8_1.aarch64.rpm

ppc64le:  
libksba-1.3.5-8.el8_1.ppc64le.rpm  
libksba-debuginfo-1.3.5-8.el8_1.ppc64le.rpm  
libksba-debugsource-1.3.5-8.el8_1.ppc64le.rpm

s390x:  
libksba-1.3.5-8.el8_1.s390x.rpm  
libksba-debuginfo-1.3.5-8.el8_1.s390x.rpm  
libksba-debugsource-1.3.5-8.el8_1.s390x.rpm

x86_64:  
libksba-1.3.5-8.el8_1.i686.rpm  
libksba-1.3.5-8.el8_1.x86_64.rpm  
libksba-debuginfo-1.3.5-8.el8_1.i686.rpm  
libksba-debuginfo-1.3.5-8.el8_1.x86_64.rpm  
libksba-debugsource-1.3.5-8.el8_1.i686.rpm  
libksba-debugsource-1.3.5-8.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3515  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1klltzjgjWX9erEAQivSxAAgzKR6f0zSUXg33N9wnNA6a0Lb4bEsIF7  
al4nC4pjng1Mp/saxg4m7/pH98bX5fQkRVqBirGUsHRbGTT9ThUgQkhO2iIwL6dS  
21qzdeOPOZzw9HCeXtltUk+fs+RGUGnUIbN08wCn0Qsi6eqNmSqOx8lDf7AYL5CU  
4K5O3S7fYg1uFe1iwoZ3+myv0TYGcDuQ8Qsu9MoGigTU7cy4HFWkte72FtJQUd1y  
LClk7tOw0qMIgzAoTli1RqV8GKWO96HbuaQwQ+c+uKt+oc3tM2K9CMXnO5v3lkhn  
Fm7Si+iKnCw5vuwLmLOnpYCnsGkqIDx1FjwBlnkV8VUO7q3RTwFoq7422PV9/uqp  
uDrsmrHaykT1h28gczlR/iwDV9Xfk5gw9xBIyQC49pFtGOeJCeXweyYUL5i3GD3x  
SnE6WfD82XST1exLu4ptNJ6eyoSBzNawsW6bxrUEOHhAU7aWCFiddgt5/NZ9Hw/6  
TMkheHN8OVmMEA4+iVxjZcSQL32T/8g4LZZGCCNTY00lzVbpfLezufeLu5ZtivZ4  
+4hDOCXx9P9U2HdCRhCtbDP0gSrv3atb/6jy8B8rSlPIDabq6sreJQIQjI8auxKB  
HQbRZoiZrpNesS8hpmKEQuVUkFIsXY2/TLOxrfDIXJucNMRNXHJv2LB5BqqneDyl  
T2k6Cn0IE1E=UF8/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7209-01

Ubuntu Security Notice 5700-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-5700-1October 26, 2022linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm,linux-lowlatency, linux-oracle, linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.10Summary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-lowlatency: Linux low latency kernel- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systemsDetails:David Bouman and Billy Jheng Bing Jhong discovered that a race conditionexisted in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denialof service (system crash) or possibly execute arbitrary code.(CVE-2022-2602)Sönke Huster discovered that an integer overflow vulnerability existed inthe WiFi driver stack in the Linux kernel, leading to a buffer overflow. Aphysically proximate attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2022-41674)Sönke Huster discovered that a use-after-free vulnerability existed in theWiFi driver stack in the Linux kernel. A physically proximate attackercould use this to cause a denial of service (system crash) or possiblyexecute arbitrary code. (CVE-2022-42719)Sönke Huster discovered that the WiFi driver stack in the Linux kernel didnot properly perform reference counting in some situations, leading to ause-after-free vulnerability. A physically proximate attacker could usethis to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2022-42720)Sönke Huster discovered that the WiFi driver stack in the Linux kernel didnot properly handle BSSID/SSID lists in some situations. A physicallyproximate attacker could use this to cause a denial of service (infiniteloop). (CVE-2022-42721)Sönke Huster discovered that the WiFi driver stack in the Linux kernelcontained a NULL pointer dereference vulnerability in certain situations. Aphysically proximate attacker could use this to cause a denial of service(system crash). (CVE-2022-42722)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.10:  linux-image-5.19.0-1006-raspi   5.19.0-1006.13  linux-image-5.19.0-1006-raspi-nolpae  5.19.0-1006.13  linux-image-5.19.0-1009-lowlatency  5.19.0-1009.10  linux-image-5.19.0-1009-lowlatency-64k  5.19.0-1009.10  linux-image-5.19.0-1010-azure   5.19.0-1010.11  linux-image-5.19.0-1010-gcp     5.19.0-1010.11  linux-image-5.19.0-1010-ibm     5.19.0-1010.11  linux-image-5.19.0-1010-kvm     5.19.0-1010.11  linux-image-5.19.0-1010-oracle  5.19.0-1010.11  linux-image-5.19.0-1011-aws     5.19.0-1011.12  linux-image-5.19.0-23-generic   5.19.0-23.24  linux-image-5.19.0-23-generic-64k  5.19.0-23.24  linux-image-5.19.0-23-generic-lpae  5.19.0-23.24  linux-image-aws                 5.19.0.1011.10  linux-image-azure               5.19.0.1010.9  linux-image-gcp                 5.19.0.1010.9  linux-image-generic             5.19.0.23.22  linux-image-generic-64k         5.19.0.23.22  linux-image-generic-lpae        5.19.0.23.22  linux-image-ibm                 5.19.0.1010.9  linux-image-kvm                 5.19.0.1010.9  linux-image-lowlatency          5.19.0.1009.8  linux-image-lowlatency-64k      5.19.0.1009.8  linux-image-oem-22.04           5.19.0.23.22  linux-image-oracle              5.19.0.1010.9  linux-image-raspi               5.19.0.1006.7  linux-image-raspi-nolpae        5.19.0.1006.7  linux-image-virtual             5.19.0.23.22After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-5700-1  CVE-2022-2602, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720,  CVE-2022-42721, CVE-2022-42722Package Information:  https://launchpad.net/ubuntu/+source/linux/5.19.0-23.24  https://launchpad.net/ubuntu/+source/linux-aws/5.19.0-1011.12  https://launchpad.net/ubuntu/+source/linux-azure/5.19.0-1010.11  https://launchpad.net/ubuntu/+source/linux-gcp/5.19.0-1010.11  https://launchpad.net/ubuntu/+source/linux-ibm/5.19.0-1010.11  https://launchpad.net/ubuntu/+source/linux-kvm/5.19.0-1010.11  https://launchpad.net/ubuntu/+source/linux-lowlatency/5.19.0-1009.10  https://launchpad.net/ubuntu/+source/linux-oracle/5.19.0-1010.11  https://launchpad.net/ubuntu/+source/linux-raspi/5.19.0-1006.13

Ubuntu Security Notice USN-5700-1

Red Hat Security Advisory 2022-7184-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:7184-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7184  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-39236 CVE-2022-39249 CVE-2022-39250  
                   CVE-2022-39251 CVE-2022-42927 CVE-2022-42928  
                   CVE-2022-42929 CVE-2022-42932  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.4.0.

Security Fix(es):

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an  
impersonation attack by malicious server administrators (CVE-2022-39249)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device  
verification attack (CVE-2022-39250)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an  
impersonation attack (CVE-2022-39251)

* Mozilla: Same-origin policy violation could have leaked cross-origin URLs  
(CVE-2022-42927)

* Mozilla: Memory Corruption in JS Engine (CVE-2022-42928)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data  
corruption issue (CVE-2022-39236)

* Mozilla: Denial of Service via window.print (CVE-2022-42929)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird  
102.4 (CVE-2022-42932)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2135391 - CVE-2022-39236 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue  
2135393 - CVE-2022-39249 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators  
2135395 - CVE-2022-39250 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack  
2135396 - CVE-2022-39251 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack  
2136156 - CVE-2022-42927 Mozilla: Same-origin policy violation could have leaked cross-origin URLs  
2136157 - CVE-2022-42928 Mozilla: Memory Corruption in JS Engine  
2136158 - CVE-2022-42929 Mozilla: Denial of Service via window.print  
2136159 - CVE-2022-42932 Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird 102.4

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
thunderbird-102.4.0-1.el7_9.src.rpm

x86_64:  
thunderbird-102.4.0-1.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.4.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
thunderbird-102.4.0-1.el7_9.src.rpm

ppc64le:  
thunderbird-102.4.0-1.el7_9.ppc64le.rpm  
thunderbird-debuginfo-102.4.0-1.el7_9.ppc64le.rpm

x86_64:  
thunderbird-102.4.0-1.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.4.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
thunderbird-102.4.0-1.el7_9.src.rpm

x86_64:  
thunderbird-102.4.0-1.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.4.0-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-39236  
https://access.redhat.com/security/cve/CVE-2022-39249  
https://access.redhat.com/security/cve/CVE-2022-39250  
https://access.redhat.com/security/cve/CVE-2022-39251  
https://access.redhat.com/security/cve/CVE-2022-42927  
https://access.redhat.com/security/cve/CVE-2022-42928  
https://access.redhat.com/security/cve/CVE-2022-42929  
https://access.redhat.com/security/cve/CVE-2022-42932  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1gpUdzjgjWX9erEAQgBkA/+NRpXw0CEdEyyhbWgGRAihB37cl5G/5pp  
/qXA6QnVENRBBVYgmY/7/p0Rw3Ptm0Vh6W42KUyE0Rn4W+DSKzqrdL7lITanZJZu  
jxMvBvjKNBynlmhPEOBodQbn6IkqUrH4qGfHrxbFguruzF1i/Gxc/4nZjbSkw7+c  
M6Cs5ReGcH4B+O5zqYUHYPM/l5FI8dY+5ZF6sq7YSpby57vjHP9XChzY7R3rlMwz  
Oi+1P5/mAquGyzDw5u1s8ogNGVF1jv+KLKktrf0UczUaGF+w0avysD/PJxNQQHXF  
Bu/FJvHK2cTlOjJgv/Mujysz0F28I/WZYM7+iulbQOZ+FSzjeQQsO5rOcCvFdKHE  
JqXI8UWRp4/DONAIla1drdTwKJS0IPyBmU3/CagiZ/HdtfXWaHrz8XJ9meE+79zb  
T9qbXM9SWPON1e5sMIfvXBCnzjDc28bhgYGBlJX2EU3FIEYrMN7DKygfk3+5FxDd  
l5P3khj1LZrrawRgUlRWU8d5oRACs55A0z/lSzMSjKDGHAi0f+uPdNWDfNkN+zg9  
yOS7d/a8pUdUo/XHRA6WOj5OO3wtpc6h+Y6TYLS4EoTp2XeM3zGhAdpkKKfa8lA5  
bDY5le7J53zQTV5trVjc9WJl+u/f9eC1m1rCiGT0PfjC8hkwPKey1n/ZogKB+U9i  
00XEbkeHy8Q=ghrh  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7184-01

Red Hat Security Advisory 2022-7183-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:7183-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7183  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-39236 CVE-2022-39249 CVE-2022-39250  
                   CVE-2022-39251 CVE-2022-42927 CVE-2022-42928  
                   CVE-2022-42929 CVE-2022-42932  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.4.0.

Security Fix(es):

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an  
impersonation attack by malicious server administrators (CVE-2022-39249)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device  
verification attack (CVE-2022-39250)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an  
impersonation attack (CVE-2022-39251)

* Mozilla: Same-origin policy violation could have leaked cross-origin URLs  
(CVE-2022-42927)

* Mozilla: Memory Corruption in JS Engine (CVE-2022-42928)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data  
corruption issue (CVE-2022-39236)

* Mozilla: Denial of Service via window.print (CVE-2022-42929)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird  
102.4 (CVE-2022-42932)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2135391 - CVE-2022-39236 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue  
2135393 - CVE-2022-39249 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators  
2135395 - CVE-2022-39250 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack  
2135396 - CVE-2022-39251 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack  
2136156 - CVE-2022-42927 Mozilla: Same-origin policy violation could have leaked cross-origin URLs  
2136157 - CVE-2022-42928 Mozilla: Memory Corruption in JS Engine  
2136158 - CVE-2022-42929 Mozilla: Denial of Service via window.print  
2136159 - CVE-2022-42932 Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird 102.4

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.4.0-1.el8_1.src.rpm

ppc64le:  
thunderbird-102.4.0-1.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.4.0-1.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.4.0-1.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.4.0-1.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.4.0-1.el8_1.x86_64.rpm  
thunderbird-debugsource-102.4.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-39236  
https://access.redhat.com/security/cve/CVE-2022-39249  
https://access.redhat.com/security/cve/CVE-2022-39250  
https://access.redhat.com/security/cve/CVE-2022-39251  
https://access.redhat.com/security/cve/CVE-2022-42927  
https://access.redhat.com/security/cve/CVE-2022-42928  
https://access.redhat.com/security/cve/CVE-2022-42929  
https://access.redhat.com/security/cve/CVE-2022-42932  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1go6NzjgjWX9erEAQjVRw//Yk2rJA0Dzf3HfI55D93gio6R57HpiydD  
V0PRvN2Om+I0EAG+qwqBcft3DPKWbD+oICs/f4y7DkPbLGsI9N9EbvnI6yUrWABn  
S3b1mq2QHN8Od3xC3ehS48TPVkLqRRErC87x0tBmm+mtBBNJdT950A/PtVH8xj+p  
y32bOAOj8G5pLQb8PBM06mpT2u3vZpNVqHA23BWISVDVPgkuA7gXLxXu11iYRWRt  
bhKkgj81QJpB8o8OwGtDQqkN9QFLyWo3I6+D6scfihHEOBiP3bAukeKtHcHm2W47  
y2Q006CsZDmHSEBeY4YpHz8H0IqhEOF8drTF4RVDxCoApSvgv1ntAxUO6+tWnfwA  
wTceJAXop1JAA/GVF/QQ4d3EZIs8NbjwMZd8P98do8HF4WYCxJAtA0L4H17WPCkM  
0IwVmDHvV4xU/S/6qJrdq/OiZEwXGx1JT7Zu9h8Qn+jA81kIAvgOBlFOkk8UMXFR  
oOF+EkUDNsYNdSIYBRxaNZ/JahEHnzxuJc0l9O0wfhDk6wrrI2AwGteH6VHgXINJ  
oEK9gnRlgc0QIK5EsuIcV0TYuErHC6mS1+tiCl4t0pcf1Yt53VZWkilNlAv4isAt  
iwFbQFSnbzCuKiYo1My5ZGA5CYwE9L4PzAdRbIasAlb2XIeJ+uCFCCIaqJLbPwKd  
GR9GNZWj+Fo=Z1ER  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7183-01

Red Hat Security Advisory 2022-7186-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: device-mapper-multipath security update  
Advisory ID:       RHSA-2022:7186-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7186  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-41974  
====================================================================  
1. Summary:

An update for device-mapper-multipath is now available for Red Hat  
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The device-mapper-multipath packages provide tools that use the  
device-mapper multipath kernel module to manage multipath devices.

Security Fix(es):

* device-mapper-multipath: Authorization bypass, multipathd daemon listens  
for client connections on an abstract Unix socket (CVE-2022-41974)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2133988 - CVE-2022-41974 device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
device-mapper-multipath-0.4.9-136.el7_9.src.rpm

x86_64:  
device-mapper-multipath-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.x86_64.rpm  
kpartx-0.4.9-136.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-sysvinit-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-0.4.9-136.el7_9.i686.rpm  
libdmmp-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-devel-0.4.9-136.el7_9.i686.rpm  
libdmmp-devel-0.4.9-136.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
device-mapper-multipath-0.4.9-136.el7_9.src.rpm

x86_64:  
device-mapper-multipath-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.x86_64.rpm  
kpartx-0.4.9-136.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-sysvinit-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-0.4.9-136.el7_9.i686.rpm  
libdmmp-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-devel-0.4.9-136.el7_9.i686.rpm  
libdmmp-devel-0.4.9-136.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
device-mapper-multipath-0.4.9-136.el7_9.src.rpm

ppc64:  
device-mapper-multipath-0.4.9-136.el7_9.ppc64.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.ppc.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.ppc64.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.ppc.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.ppc64.rpm  
kpartx-0.4.9-136.el7_9.ppc64.rpm

ppc64le:  
device-mapper-multipath-0.4.9-136.el7_9.ppc64le.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.ppc64le.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.ppc64le.rpm  
kpartx-0.4.9-136.el7_9.ppc64le.rpm

s390x:  
device-mapper-multipath-0.4.9-136.el7_9.s390x.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.s390.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.s390x.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.s390.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.s390x.rpm  
kpartx-0.4.9-136.el7_9.s390x.rpm

x86_64:  
device-mapper-multipath-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.x86_64.rpm  
kpartx-0.4.9-136.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.ppc.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.ppc64.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.ppc.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.ppc64.rpm  
device-mapper-multipath-sysvinit-0.4.9-136.el7_9.ppc64.rpm  
libdmmp-0.4.9-136.el7_9.ppc.rpm  
libdmmp-0.4.9-136.el7_9.ppc64.rpm  
libdmmp-devel-0.4.9-136.el7_9.ppc.rpm  
libdmmp-devel-0.4.9-136.el7_9.ppc64.rpm

ppc64le:  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.ppc64le.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.ppc64le.rpm  
device-mapper-multipath-sysvinit-0.4.9-136.el7_9.ppc64le.rpm  
libdmmp-0.4.9-136.el7_9.ppc64le.rpm  
libdmmp-devel-0.4.9-136.el7_9.ppc64le.rpm

s390x:  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.s390.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.s390x.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.s390.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.s390x.rpm  
device-mapper-multipath-sysvinit-0.4.9-136.el7_9.s390x.rpm  
libdmmp-0.4.9-136.el7_9.s390.rpm  
libdmmp-0.4.9-136.el7_9.s390x.rpm  
libdmmp-devel-0.4.9-136.el7_9.s390.rpm  
libdmmp-devel-0.4.9-136.el7_9.s390x.rpm

x86_64:  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-sysvinit-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-0.4.9-136.el7_9.i686.rpm  
libdmmp-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-devel-0.4.9-136.el7_9.i686.rpm  
libdmmp-devel-0.4.9-136.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
device-mapper-multipath-0.4.9-136.el7_9.src.rpm

x86_64:  
device-mapper-multipath-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.x86_64.rpm  
kpartx-0.4.9-136.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-sysvinit-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-0.4.9-136.el7_9.i686.rpm  
libdmmp-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-devel-0.4.9-136.el7_9.i686.rpm  
libdmmp-devel-0.4.9-136.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41974  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1gpG9zjgjWX9erEAQgMzQ//Q/iLVKSzeXypnL500ie7uo9YyHTlaeIt  
wu7iWluFzMRtEVgO9EUC23D6Ts31WTtpF96DPdp3O0wfKtZaAgGnyieQ9Krj8hsW  
6QpKBNm77p/IkOH9VtQD8CxJujQDbm2UAxL82N7tJooq8rXHhXrbt6qY6v0eZwx3  
WJcoOMjBeU6BCEQqTRuiPxcZxhWllWVZtmCE7wdxiGMktRKswb5YFMdbJh+JbwHT  
fHDbPAU+MBm4htDC+7U2et3SKjsZPhjPb89F6O3kKw6hrVj/dVpbcO1MzMQ3EKOu  
ZKLb/UBmlgQvuzjzK+W/dh3yeRgJMyFTG57+79eEkMZTCR+q3sAAp+AqREQR8Zeg  
LNxrVHjScknMY2reBGa0BGMkna6D/jsYcCJjijpf1qi987NIZLcotHRPBIqNvXoL  
BtAlXCVVb3J1cvPXRrkVQLs8kN2NLpw8WC6TEYAhL2EZs68iPVHbvJz1NoCENNfa  
06FkN0L89UDhBa3JQkb36qvv3IVGBIgKQRBCJwMQX9WXvbR2RWCnE5IIP4+H5jW2  
l9QV3QYK6jqucGSqinAXOKpbzr+aUXd5wNdKJOhR3GFIO+SPc/kWrLJPbxomZAaU  
2XA599Gp03n1k6rd1L3BYpAGzcR28M9LqU5KKpbrjFvxi+kkGx/p2uVgYyigd6ar  
dihUETdfe2w=J3Nl  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7186-01

Red Hat Security Advisory 2022-7171-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2022:7171-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7171  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-2588  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.6  
Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update  
Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64  
Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64  
Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64  
Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* a use-after-free in cls_route filter implementation may lead to privilege  
escalation (CVE-2022-2588)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* backports from upstream for netfilter (BZ#2120635)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.6):

Source:  
kernel-3.10.0-957.99.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-957.99.1.el7.noarch.rpm  
kernel-doc-3.10.0-957.99.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-devel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-headers-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-957.99.1.el7.x86_64.rpm  
perf-3.10.0-957.99.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.6):

Source:  
kernel-3.10.0-957.99.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-957.99.1.el7.noarch.rpm  
kernel-doc-3.10.0-957.99.1.el7.noarch.rpm

ppc64le:  
kernel-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-bootwrapper-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-debug-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-devel-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-headers-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-tools-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-tools-libs-3.10.0-957.99.1.el7.ppc64le.rpm  
perf-3.10.0-957.99.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
python-perf-3.10.0-957.99.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm

x86_64:  
kernel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-devel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-headers-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-957.99.1.el7.x86_64.rpm  
perf-3.10.0-957.99.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.6):

Source:  
kernel-3.10.0-957.99.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-957.99.1.el7.noarch.rpm  
kernel-doc-3.10.0-957.99.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-devel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-headers-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-957.99.1.el7.x86_64.rpm  
perf-3.10.0-957.99.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.6):

x86_64:  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-957.99.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.6):

ppc64le:  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-debug-devel-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-tools-libs-devel-3.10.0-957.99.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm

x86_64:  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-957.99.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.6):

x86_64:  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-957.99.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1gohNzjgjWX9erEAQh9jxAAo0hX0U836zHymb/7X8cI2lgKfgeq8NPl  
lmjvq+JVJ60emyzSrM/tU6/pWrr59SuMN2YuSLU9WgMOFn5q3kMzF0Puht0Vg299  
Uv7UOMhzgJgJIPcZIjfSKULD++vINonnMSEKg5mxEr9YXKHx+wxnYG+1quullwif  
bhxPZFpeNaaovzgGDTIEvAAih04pgoG+4CYbGsN5FtcIbaz6AsON3UruY8fKOftQ  
ZvwzwteOFc6D90ERu/x+NArx9tNhiwjxtFs2gBPOXQ4dDkJZI8NVygbuRh0aqmr9  
lxiFlQqTTXBcwhbCTv7LXYBcGesqpKIaYWMSiWf6s5Vv9qcUOiXKsn7tDJyZUmj3  
0AO6/S5CZZ/i6ziBtUIh5oH4wjcBSNzOzZX6fmDrgq7DSzPeZ/q2BIA13z7bq4w6  
POPMaCsSA/wNotnxlvR3voUDxBAlZ8QgrEt435AmV0nOvncdMgZYqhz18SPe/n7x  
tjBwSfYRzcTJm0oGk5WgDcMofLsQELk4iliqJDL2Td4havr4O+Om0xDQ9oxIX1s5  
GdQ+dHc8Qp0QCCAn74DoI+yz0xLubAFWUF+wKiaVaDAdAe0JWJX4kqaL/I3NqRpO  
gWZDffXyPHnvcEpsOIU7g1q7Mo7ufuFAvKT17CEXSkvJbL4J2JKkxnJWGBWgkVj6  
PdiJqkwxhgQmoq  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7171-01

Red Hat Security Advisory 2022-7185-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: device-mapper-multipath security update  
Advisory ID:       RHSA-2022:7185-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7185  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-41974  
====================================================================  
1. Summary:

An update for device-mapper-multipath is now available for Red Hat  
Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The device-mapper-multipath packages provide tools that use the  
device-mapper multipath kernel module to manage multipath devices.

Security Fix(es):

* device-mapper-multipath: Authorization bypass, multipathd daemon listens  
for client connections on an abstract Unix socket (CVE-2022-41974)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2133988 - CVE-2022-41974 device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
device-mapper-multipath-0.8.7-7.el9_0.1.src.rpm

aarch64:  
device-mapper-multipath-0.8.7-7.el9_0.1.aarch64.rpm  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.aarch64.rpm  
device-mapper-multipath-libs-0.8.7-7.el9_0.1.aarch64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm  
kpartx-0.8.7-7.el9_0.1.aarch64.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm

ppc64le:  
device-mapper-multipath-0.8.7-7.el9_0.1.ppc64le.rpm  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.ppc64le.rpm  
device-mapper-multipath-libs-0.8.7-7.el9_0.1.ppc64le.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm  
kpartx-0.8.7-7.el9_0.1.ppc64le.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm

s390x:  
device-mapper-multipath-0.8.7-7.el9_0.1.s390x.rpm  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.s390x.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.s390x.rpm  
device-mapper-multipath-libs-0.8.7-7.el9_0.1.s390x.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.s390x.rpm  
kpartx-0.8.7-7.el9_0.1.s390x.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.s390x.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.s390x.rpm

x86_64:  
device-mapper-multipath-0.8.7-7.el9_0.1.x86_64.rpm  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.x86_64.rpm  
device-mapper-multipath-libs-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-libs-0.8.7-7.el9_0.1.x86_64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm  
kpartx-0.8.7-7.el9_0.1.x86_64.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.aarch64.rpm  
device-mapper-multipath-devel-0.8.7-7.el9_0.1.aarch64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm

ppc64le:  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.ppc64le.rpm  
device-mapper-multipath-devel-0.8.7-7.el9_0.1.ppc64le.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm

s390x:  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.s390x.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.s390x.rpm  
device-mapper-multipath-devel-0.8.7-7.el9_0.1.s390x.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.s390x.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.s390x.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.s390x.rpm

x86_64:  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.x86_64.rpm  
device-mapper-multipath-devel-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-devel-0.8.7-7.el9_0.1.x86_64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41974  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1gpMdzjgjWX9erEAQhhlxAAnLYr8LOMnAArHYkmIBZqygypwgl4J0k1  
o7ncHpmStLpV69VzD6V8NCOEeB+xgxYgMTRRsBjszKtutvPM4Sl2yZDHJS7Fyacd  
aS6GcfYz5nx4YSRSPglJ1L8vsaSz/IloIfOEs0w8sNR8CQLZBNEfAIjcVIVDLQAJ  
Hps6A48rnLbDOnYlgN5vm2UweS+hIGXzyc4jj6/kpRMcwzYSRfbWGZE++fLtal6Z  
+Ccka8OkRl6RB6kvE1YXuzwYdkL8xjWZR4PvQS3x4sKQhRI1qdjwCijaNAzuSQMy  
GUyWvwxF6FHzLDSgOCbucMGjFmpQQTx3nIw13J/7kYEKAtRkNV0OeywUmi4yguXE  
Za443sUnaGa1WvirJdrLhVySmVnR623bhbamCD90HvgGUeT6CPJ0gyZfybQWo4op  
EP51z9xlpGKcPKaMd3jkB5L81RMky5mcYLnVjWGOwhA7XfAf8zDtwk39EZztpJqd  
gHG+kCvfmqmbPntYp06wBvYeEnYnlF1dYkPJo7Df31xG0F/MrDs/qLGor6mOKpGz  
pXCX2z1v+xy7wLAFgFYj4jg9rZtNnc1SgMTYZZZGVDw7GrnzlJi76KkOxB4MzIG/  
RiWrz3+EwLQVgQVAyzmBKC26TpIkUxjZDITXX/cJTEsyIwg/CxmPpiilvPPZYusH  
PrKNM5XvBl4=INDC  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7185-01

Red Hat Security Advisory 2022-7181-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:7181-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7181  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-39236 CVE-2022-39249 CVE-2022-39250  
                   CVE-2022-39251 CVE-2022-42927 CVE-2022-42928  
                   CVE-2022-42929 CVE-2022-42932  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.4.0.

Security Fix(es):

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an  
impersonation attack by malicious server administrators (CVE-2022-39249)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device  
verification attack (CVE-2022-39250)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an  
impersonation attack (CVE-2022-39251)

* Mozilla: Same-origin policy violation could have leaked cross-origin URLs  
(CVE-2022-42927)

* Mozilla: Memory Corruption in JS Engine (CVE-2022-42928)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data  
corruption issue (CVE-2022-39236)

* Mozilla: Denial of Service via window.print (CVE-2022-42929)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird  
102.4 (CVE-2022-42932)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2135391 - CVE-2022-39236 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue  
2135393 - CVE-2022-39249 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators  
2135395 - CVE-2022-39250 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack  
2135396 - CVE-2022-39251 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack  
2136156 - CVE-2022-42927 Mozilla: Same-origin policy violation could have leaked cross-origin URLs  
2136157 - CVE-2022-42928 Mozilla: Memory Corruption in JS Engine  
2136158 - CVE-2022-42929 Mozilla: Denial of Service via window.print  
2136159 - CVE-2022-42932 Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird 102.4

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
thunderbird-102.4.0-1.el8_4.src.rpm

aarch64:  
thunderbird-102.4.0-1.el8_4.aarch64.rpm  
thunderbird-debuginfo-102.4.0-1.el8_4.aarch64.rpm  
thunderbird-debugsource-102.4.0-1.el8_4.aarch64.rpm

ppc64le:  
thunderbird-102.4.0-1.el8_4.ppc64le.rpm  
thunderbird-debuginfo-102.4.0-1.el8_4.ppc64le.rpm  
thunderbird-debugsource-102.4.0-1.el8_4.ppc64le.rpm

s390x:  
thunderbird-102.4.0-1.el8_4.s390x.rpm  
thunderbird-debuginfo-102.4.0-1.el8_4.s390x.rpm  
thunderbird-debugsource-102.4.0-1.el8_4.s390x.rpm

x86_64:  
thunderbird-102.4.0-1.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.4.0-1.el8_4.x86_64.rpm  
thunderbird-debugsource-102.4.0-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-39236  
https://access.redhat.com/security/cve/CVE-2022-39249  
https://access.redhat.com/security/cve/CVE-2022-39250  
https://access.redhat.com/security/cve/CVE-2022-39251  
https://access.redhat.com/security/cve/CVE-2022-42927  
https://access.redhat.com/security/cve/CVE-2022-42928  
https://access.redhat.com/security/cve/CVE-2022-42929  
https://access.redhat.com/security/cve/CVE-2022-42932  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1gpXtzjgjWX9erEAQgKbw//SKeJmtgvK39I4nnmnHEMvPAvQBni66S0  
ut2glMr63CN0qbsbDYHGjOm6WT4uLzFjwwiK0LmQYIfQLdQCctXBECgUdArDBNCd  
/IPrT3m1kL2If5ge4MApHKQo1c/Eicf2plY8I5R+ql0Xq9fz14WRroZ+RI12SRlO  
zuEkPAAoKABaoHqh/h5hdvsilMqSgnaPepAJbGKRsMXa9vqD2zSZaQ4FT8NR43Cc  
GUA5j5kXzheaLRyuK1KzlYxoD87F1Fc0ygzzljSi2+qjuxk+KsWRSeouVjSYH3sN  
J46fSgb55do1S8QMwzLFtb8liM8DKVENurVtWWDoG7LiZrHrGkzZq6EYEaM1b4kX  
7Yw7igMYf9yj2/n6uehQtQx0CAkVGvQ/88HlZpXzmCjs4ewfqDJ1HrlUy8p7ZnQF  
ndTPelBgUxsd2QPZT3ek8bypD5n8oKEfFUJl0qlsL6KzShmhluOuXsBVcRvp4RaV  
XgmOn3xKjJLaYrDCW3vVW6/CXTlto74OtqZRVJK71rl2W41Lpe3lJ4iontV3d1/M  
Et4XHHL4wvYHOwIFPT1iQS5Zz+phtmrs2HKwZUcSJusZp648rXi/qahfVjz5rnvh  
I7E3GfP9SvtfwQmUrJR6oiyXaSxKebbM47m3di/XmsGZ3+na1B9SdpEFBEVVYPKH  
n6JgqoRWgG8=s8XS  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7181-01

Red Hat Security Advisory 2022-7192-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: device-mapper-multipath security update  
Advisory ID:       RHSA-2022:7192-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7192  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-41974  
====================================================================  
1. Summary:

An update for device-mapper-multipath is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The device-mapper-multipath packages provide tools that use the  
device-mapper multipath kernel module to manage multipath devices.

Security Fix(es):

* device-mapper-multipath: Authorization bypass, multipathd daemon listens  
for client connections on an abstract Unix socket (CVE-2022-41974)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2133988 - CVE-2022-41974 device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
device-mapper-multipath-0.8.4-22.el8_6.2.src.rpm

aarch64:  
device-mapper-multipath-0.8.4-22.el8_6.2.aarch64.rpm  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.aarch64.rpm  
device-mapper-multipath-libs-0.8.4-22.el8_6.2.aarch64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm  
kpartx-0.8.4-22.el8_6.2.aarch64.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm  
libdmmp-0.8.4-22.el8_6.2.aarch64.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm

ppc64le:  
device-mapper-multipath-0.8.4-22.el8_6.2.ppc64le.rpm  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.ppc64le.rpm  
device-mapper-multipath-libs-0.8.4-22.el8_6.2.ppc64le.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm  
kpartx-0.8.4-22.el8_6.2.ppc64le.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm  
libdmmp-0.8.4-22.el8_6.2.ppc64le.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm

s390x:  
device-mapper-multipath-0.8.4-22.el8_6.2.s390x.rpm  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.s390x.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.s390x.rpm  
device-mapper-multipath-libs-0.8.4-22.el8_6.2.s390x.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.s390x.rpm  
kpartx-0.8.4-22.el8_6.2.s390x.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.s390x.rpm  
libdmmp-0.8.4-22.el8_6.2.s390x.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.s390x.rpm

x86_64:  
device-mapper-multipath-0.8.4-22.el8_6.2.x86_64.rpm  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.x86_64.rpm  
device-mapper-multipath-libs-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-libs-0.8.4-22.el8_6.2.x86_64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm  
kpartx-0.8.4-22.el8_6.2.x86_64.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm  
libdmmp-0.8.4-22.el8_6.2.i686.rpm  
libdmmp-0.8.4-22.el8_6.2.x86_64.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.aarch64.rpm  
device-mapper-multipath-devel-0.8.4-22.el8_6.2.aarch64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm

ppc64le:  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.ppc64le.rpm  
device-mapper-multipath-devel-0.8.4-22.el8_6.2.ppc64le.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm

s390x:  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.s390x.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.s390x.rpm  
device-mapper-multipath-devel-0.8.4-22.el8_6.2.s390x.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.s390x.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.s390x.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.s390x.rpm

x86_64:  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.x86_64.rpm  
device-mapper-multipath-devel-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-devel-0.8.4-22.el8_6.2.x86_64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41974  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1go0tzjgjWX9erEAQi1Vg/+Jqqq7oYlPu31HClxrkeh1hRVpKM4wtlL  
dhaxdCntvKop7SGOoivxAy8PwnvdeSS8792yx2UJoErMoDCMvks7wKszTiNsI1Yp  
xZdysfmVj78bnkyMfdYSm9Rqwl4I4bC2endGCz8efVREGAAHKIW/ly3rGqRZnNnG  
N1HMy4v+XSvFtGWX1TDyxLNPkxDDdEKVC/cvns+UDUnIRgQHuO3RJ36ZHnYlF8Ye  
HfDIxt1ux1fS8C5JcVBdsKj1pQ0oUs9qkUsW+qxunSTIaGgSQyT2/L8K3NzrcR5d  
ZZimoDWX65binEYUhvKGNChp3cV3lwEJogcGmyeMpP+bF6WsTMCYB3aYsIeDMB8i  
SBmzsJZlI1Eb1Xk69SNGk55MyURpK2+97op51OTdJlhqQnGxqX0UEDXWv7a1Yt4+  
pXNnEWXRDz621bkJKImYYocvsqeX3xwCFEBJuJphuqK0gtReZb1zWbjNQoh97/Vk  
enZoPwjJVakn228vjq19bcxqtAX6kKLe2aHX3PuX2Dz8v8D4qk4nHRao8mHPfkae  
jBr263ltp8DyKOkpuQM67y84xSpyaaYzgNjlSQcmAC9dNmaVOxB+3p7qINxDnj4e  
rMXIohPsciENFDLa7vFSKhC5bcYiMzd+xat75AuB2V5ExqJioh+GtVVlGNhy756m  
47fa2KnK5Ag=in8Z  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7192-01

Red Hat Security Advisory 2022-7173-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2022:7173-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7173  
Issue date:        2022-10-25  
CVE Names:         CVE-2021-3715 CVE-2022-2588  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
7.6 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server E4S (v. 7.6) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: use-after-free in route4_change() in net/sched/cls_route.c  
(CVE-2021-3715)

* kernel: a use-after-free in cls_route filter implementation may lead to  
privilege escalation (CVE-2022-2588)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1993988 - CVE-2021-3715 kernel: use-after-free in route4_change() in net/sched/cls_route.c  
2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux Server E4S (v. 7.6):

Source:  
kpatch-patch-3_10_0-957_84_1-1-6.el7.src.rpm  
kpatch-patch-3_10_0-957_92_1-1-3.el7.src.rpm  
kpatch-patch-3_10_0-957_94_1-1-2.el7.src.rpm  
kpatch-patch-3_10_0-957_95_1-1-1.el7.src.rpm  
kpatch-patch-3_10_0-957_97_1-1-1.el7.src.rpm

ppc64le:  
kpatch-patch-3_10_0-957_84_1-1-6.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_84_1-debuginfo-1-6.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_92_1-1-3.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_92_1-debuginfo-1-3.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_94_1-1-2.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_94_1-debuginfo-1-2.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_95_1-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_95_1-debuginfo-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_97_1-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_97_1-debuginfo-1-1.el7.ppc64le.rpm

x86_64:  
kpatch-patch-3_10_0-957_84_1-1-6.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_84_1-debuginfo-1-6.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_92_1-1-3.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_92_1-debuginfo-1-3.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_94_1-1-2.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_94_1-debuginfo-1-2.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_95_1-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_95_1-debuginfo-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_97_1-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_97_1-debuginfo-1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3715  
https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1gpc9zjgjWX9erEAQiy6A/8C67uLSq65p6yUadRtDHkjmZo5ep5xmmZ  
ob2WmG6yx99aLg5YGX96mpoogEU+kUOSgHKahmB+XWZGbS92a3VjPIFIprmCN/+N  
pKgyUXbiKiWmO+qYs12fqSKKoxYbloXixGukXbHbKLDjqrwV6kG0ALI5aen93PjL  
Zz204Q8X/Fs+KeOQmQZklcAmRnzFQLChVXB+UOHIK4S772llcT+GbOfVCs3mewaS  
siYv0dOU/pcclk0CZ3iF1EqKXLsQWmeh/iwZIA5M+g3IF6lhmJu1rz2oq92DmeKl  
4L2MQvBCU2XtmVchvuZVyZ3Xi8QZQfDwVu6blNdTAJsHnMgwK6JA0zB/GVvKADSx  
3pXHTAIVpKkGLjQF4PYnKez+5SUlvmbTwI6ZsAusLAtQDyOlLo5lh55NxMtINfuK  
GgNHuTKyD3aje1j8mXSMRxNkDwvl5Y2h8RPY3NDZ9XjNnTT5ks75lb1wHsWA2C4Q  
epPgCgsZ1uKaU/3SqVFaS3zHnh5wWtaZ7bJVXe87sP+t0TH8goreIhvyC0RhKNnx  
/m0acKsLvBpK6cq1eX7Gl8n7bnl6uphNhxPyodLvlcWrdICePPmsgW3KBCQ8fWYc  
aizY4umnH8cPpRI3Tb6UYsp15HPtSqvoLlBbcxLy+pF2GFJMkcpPsPEbYQ84sFfQ  
87DG6wthkiM§oV  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux