Red Hat Security Advisory 2023-1454-01 - An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift GitOps security update  
Advisory ID:       RHSA-2023:1454-01  
Product:           Red Hat OpenShift GitOps  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1454  
Issue date:        2023-03-23  
CVE Names:         CVE-2020-10735 CVE-2021-28861 CVE-2022-1471  
                   CVE-2022-4415 CVE-2022-34174 CVE-2022-40897  
                   CVE-2022-41354 CVE-2022-45061 CVE-2022-48303  
                   CVE-2023-23916  
====================================================================  
1. Summary:

An update is now available for Red Hat OpenShift GitOps 1.7.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Security Fix(es):

* ArgoCD: Authenticated but unauthorized users may enumerate Application  
names via the API (CVE-2022-41354)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2167820 - CVE-2022-41354 ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API

5. References:

https://access.redhat.com/security/cve/CVE-2020-10735  
https://access.redhat.com/security/cve/CVE-2021-28861  
https://access.redhat.com/security/cve/CVE-2022-1471  
https://access.redhat.com/security/cve/CVE-2022-4415  
https://access.redhat.com/security/cve/CVE-2022-34174  
https://access.redhat.com/security/cve/CVE-2022-40897  
https://access.redhat.com/security/cve/CVE-2022-41354  
https://access.redhat.com/security/cve/CVE-2022-45061  
https://access.redhat.com/security/cve/CVE-2022-48303  
https://access.redhat.com/security/cve/CVE-2023-23916  
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBzBVtzjgjWX9erEAQhzXA/9Eq6aEKRFZQk/k1rj2PJ2yNohxZKK0zkl  
5BLVG9bNjsHgOAq2yoOQkdGH9ZqfCh31V5VtBkPRtbVHwM03l2ixG+Nb2EDonn4W  
YMUwBx0+juQPjECzWPwIed8UDN1SbmEcZarsTFZQFkgxuV/OLx7lQcfdunSRMlNv  
hwhvGVjd0b/UWqbtFZV8zg85k4FGdH3Mdl2sEKAAP16QTYx1yWseOBrJalrFYYDg  
9K/9qVol2KXb34MRtre+l4ohxf/rfGzlaw0bvlxQFPUs6mkdKZT7u6nZgayk0wbn  
LVwdLmpA4zbbFGzncRZQ1rWKN0lg+rFODKydKhiy0CkG+sMVcvwgdwg9vShuTdUE  
86KWPcnZzcn3Gh8wJ+ae4GmtjenETv9p7wON8Z85A6cKhfYvKkZfJCquPuN8cIJG  
1f6b8Vdap0rA4nP/GV9KtbzwWDe16qIZTb7mOTtqT7iXgG27zr1ErjnceokntE2g  
Yjbcx/9IWA47TKAfpIDzA91QrhbRX2lEqnQdrfpYfeTx8VnozC48K0j5+fMgDFEp  
OEOnjG74VTLiYgVwPMr63roEToTgUwGkjav/Zl4/yNkUFn25RWSQk3r+z816aBvJ  
6x8CKCc9sjKdUU+1n/1kxC6btQpk2xM3YPoU54yos412kcikfmapGGePASpY5sdK  
8B7lgIl/xhM=Hcu1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1454-01

Red Hat Security Advisory 2023-1452-01 - An update is now available for Red Hat OpenShift GitOps 1.8. Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift GitOps security update  
Advisory ID:       RHSA-2023:1452-01  
Product:           Red Hat OpenShift GitOps  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1452  
Issue date:        2023-03-23  
CVE Names:         CVE-2022-41354   
=====================================================================

1. Summary:

An update is now available for Red Hat OpenShift GitOps 1.8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Security Fix(es):

* ArgoCD: Authenticated but unauthorized users may enumerate Application  
names via the API (CVE-2022-41354)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2167820 - CVE-2022-41354 ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API

5. References:

https://access.redhat.com/security/cve/CVE-2022-41354  
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBzBVtzjgjWX9erEAQi6RQ/+JfxD64NTPljBopSNQSuDFtEBIiohZguZ  
2ydP/fVMGMksww/EPIhyh4gczYdq73hk2+V6P2RaCN87DxfBRpvLLc4x+GqS0bRn  
ZkgaSe0UArP7fiPQu4krszGlFjEwm/bSXBDFcWA1anb8lEvQ+/dUiR/kjWsHjLXZ  
6yU/0OEot4DGuLPvq7Kkj4sZ37/gNAjNIE9Sh46lnDWTD7nxZ1Si1UAJ2uNjfj52  
gUUk5UxQRgg/5wuXucBSeU+IwK+Qh16mUAtAmJLn2eoIsM3kMisq3UL97oszrU32  
J62w6Fu3mxJ1Axfz6hv5V/80W27Lqtkn60DH+UwpB9pvrraEVKWxQd+fM5NhjBnS  
xgERYbDvh3SVMFHphkldFCYu6yOwkCS3uSrrpe/7wVRPmC9V8v0oMAZ9wlhczQs7  
3t/4dfLfLgmWlApdJBEApwXnLWRPTKTverJwHtaHp1hnXO17Olm6XdaxhAwHiXF0  
kXCFWXl3Sq/bb4Zyp6cbAEYdlWAiOA5qw0Hg89iciXXQ7v9eTSRXvH7ddNGFwlnW  
fl7RrM/Dn6zLGsOnz70kZc8QZCy+YyrT+4j3CIiOHity0dlDn+pvTJgtXvgS2LoZ  
zkuvktkhnePFgosSeMRLjPV36NjLD8E2vOuZqec3uooRzQ2afdFDHV6Ewreu2dyk  
PLaxEL0Z8sE=  
=vMuw  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1452-01

Red Hat Security Advisory 2023-1440-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openssl security update  
Advisory ID:       RHSA-2023:1440-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1440  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-0286  
====================================================================  
1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and  
Transport Layer Security (TLS) protocols, as well as a full-strength  
general-purpose cryptography library.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library  
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
openssl-1.1.1g-18.el8_4.src.rpm

aarch64:  
openssl-1.1.1g-18.el8_4.aarch64.rpm  
openssl-debuginfo-1.1.1g-18.el8_4.aarch64.rpm  
openssl-debugsource-1.1.1g-18.el8_4.aarch64.rpm  
openssl-devel-1.1.1g-18.el8_4.aarch64.rpm  
openssl-libs-1.1.1g-18.el8_4.aarch64.rpm  
openssl-libs-debuginfo-1.1.1g-18.el8_4.aarch64.rpm  
openssl-perl-1.1.1g-18.el8_4.aarch64.rpm

ppc64le:  
openssl-1.1.1g-18.el8_4.ppc64le.rpm  
openssl-debuginfo-1.1.1g-18.el8_4.ppc64le.rpm  
openssl-debugsource-1.1.1g-18.el8_4.ppc64le.rpm  
openssl-devel-1.1.1g-18.el8_4.ppc64le.rpm  
openssl-libs-1.1.1g-18.el8_4.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1g-18.el8_4.ppc64le.rpm  
openssl-perl-1.1.1g-18.el8_4.ppc64le.rpm

s390x:  
openssl-1.1.1g-18.el8_4.s390x.rpm  
openssl-debuginfo-1.1.1g-18.el8_4.s390x.rpm  
openssl-debugsource-1.1.1g-18.el8_4.s390x.rpm  
openssl-devel-1.1.1g-18.el8_4.s390x.rpm  
openssl-libs-1.1.1g-18.el8_4.s390x.rpm  
openssl-libs-debuginfo-1.1.1g-18.el8_4.s390x.rpm  
openssl-perl-1.1.1g-18.el8_4.s390x.rpm

x86_64:  
openssl-1.1.1g-18.el8_4.x86_64.rpm  
openssl-debuginfo-1.1.1g-18.el8_4.i686.rpm  
openssl-debuginfo-1.1.1g-18.el8_4.x86_64.rpm  
openssl-debugsource-1.1.1g-18.el8_4.i686.rpm  
openssl-debugsource-1.1.1g-18.el8_4.x86_64.rpm  
openssl-devel-1.1.1g-18.el8_4.i686.rpm  
openssl-devel-1.1.1g-18.el8_4.x86_64.rpm  
openssl-libs-1.1.1g-18.el8_4.i686.rpm  
openssl-libs-1.1.1g-18.el8_4.x86_64.rpm  
openssl-libs-debuginfo-1.1.1g-18.el8_4.i686.rpm  
openssl-libs-debuginfo-1.1.1g-18.el8_4.x86_64.rpm  
openssl-perl-1.1.1g-18.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7NzjgjWX9erEAQgfIBAAoZdbDRt1tK2saOKwSBubbkgrG/ObtOka  
yr2fVEt+JUBMWpuJxuUoMxp/tYhsYO0rJTuOXpjcpxGW1mcchp5CSRArNcPX7vrF  
YGWPMPPoAFQFAF5ST4V+jTlRTvhUBmlQlFAQEmogoX/pnqtUdI95rZXY7ELpnhQk  
SNKec7Iw+PcD1JNg80a6J95OjhHtNCM5tLhJgsIrb3kvhmPMzjnSh2UftTXKc1oE  
jzQjxTS9Zj/PZmY8vRnTIeYdx/aXdcjbnSOPnif0QRDiyOmZTdN081UwePbHJk9E  
8QDi72MSsbMuQjfVg6PtP+oZvALcBOxVV431ie3uivF3gosawPjnqUnaPfGK4eY2  
igpSt3KV4gDIlbxK2HhM+Mr+5RhnQ+nN5zY/Z362IAMsKhZ+C+M36K0CksNOZYqF  
56RjgvN4sI/oydTJ21RBBHpAf+Hl3BOpyTo2uj4YwUZY9Oa78VrQ9J+LM6bmP/G4  
1huLqDa8KwDFEsnbVcICHgVk0Iq0ioIK3IBsHhG85XLKPWgvLeSzaBxiwsNxwPlK  
4Wsqm6p60oj9R7xRIVkNatSJj505NXAAN0c2l7/hNUShcyRJqwnxAMO4xvVHlcuL  
aNqzrdA5Ichos1BkHXuT7cZp8nEp3eUPum0IzuPZe/2esOYpmKHCi1ptcSmgbx4u  
Lcf49d75pmE=LYX/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1440-01

Red Hat Security Advisory 2023-1445-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:1445-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1445  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-25751 CVE-2023-25752 CVE-2023-28162  
                   CVE-2023-28164 CVE-2023-28176  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.9.0 ESR.

Security Fix(es):

* Mozilla: Incorrect code generation during JIT compilation  
(CVE-2023-25751)

* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9  
(CVE-2023-28176)

* Mozilla: Potential out-of-bounds when accessing throttled streams  
(CVE-2023-25752)

* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)

* Mozilla: URL being dragged from a removed cross-origin iframe into the  
same tab triggered navigation (CVE-2023-28164)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2178458 - CVE-2023-25751 Mozilla: Incorrect code generation during JIT compilation  
2178460 - CVE-2023-25752 Mozilla: Potential out-of-bounds when accessing throttled streams  
2178466 - CVE-2023-28162 Mozilla: Invalid downcast in Worklets  
2178470 - CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation  
2178472 - CVE-2023-28176 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
firefox-102.9.0-4.el8_2.src.rpm

aarch64:  
firefox-102.9.0-4.el8_2.aarch64.rpm  
firefox-debuginfo-102.9.0-4.el8_2.aarch64.rpm  
firefox-debugsource-102.9.0-4.el8_2.aarch64.rpm

ppc64le:  
firefox-102.9.0-4.el8_2.ppc64le.rpm  
firefox-debuginfo-102.9.0-4.el8_2.ppc64le.rpm  
firefox-debugsource-102.9.0-4.el8_2.ppc64le.rpm

s390x:  
firefox-102.9.0-4.el8_2.s390x.rpm  
firefox-debuginfo-102.9.0-4.el8_2.s390x.rpm  
firefox-debugsource-102.9.0-4.el8_2.s390x.rpm

x86_64:  
firefox-102.9.0-4.el8_2.x86_64.rpm  
firefox-debuginfo-102.9.0-4.el8_2.x86_64.rpm  
firefox-debugsource-102.9.0-4.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
firefox-102.9.0-4.el8_2.src.rpm

aarch64:  
firefox-102.9.0-4.el8_2.aarch64.rpm  
firefox-debuginfo-102.9.0-4.el8_2.aarch64.rpm  
firefox-debugsource-102.9.0-4.el8_2.aarch64.rpm

ppc64le:  
firefox-102.9.0-4.el8_2.ppc64le.rpm  
firefox-debuginfo-102.9.0-4.el8_2.ppc64le.rpm  
firefox-debugsource-102.9.0-4.el8_2.ppc64le.rpm

s390x:  
firefox-102.9.0-4.el8_2.s390x.rpm  
firefox-debuginfo-102.9.0-4.el8_2.s390x.rpm  
firefox-debugsource-102.9.0-4.el8_2.s390x.rpm

x86_64:  
firefox-102.9.0-4.el8_2.x86_64.rpm  
firefox-debuginfo-102.9.0-4.el8_2.x86_64.rpm  
firefox-debugsource-102.9.0-4.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
firefox-102.9.0-4.el8_2.src.rpm

aarch64:  
firefox-102.9.0-4.el8_2.aarch64.rpm  
firefox-debuginfo-102.9.0-4.el8_2.aarch64.rpm  
firefox-debugsource-102.9.0-4.el8_2.aarch64.rpm

ppc64le:  
firefox-102.9.0-4.el8_2.ppc64le.rpm  
firefox-debuginfo-102.9.0-4.el8_2.ppc64le.rpm  
firefox-debugsource-102.9.0-4.el8_2.ppc64le.rpm

s390x:  
firefox-102.9.0-4.el8_2.s390x.rpm  
firefox-debuginfo-102.9.0-4.el8_2.s390x.rpm  
firefox-debugsource-102.9.0-4.el8_2.s390x.rpm

x86_64:  
firefox-102.9.0-4.el8_2.x86_64.rpm  
firefox-debuginfo-102.9.0-4.el8_2.x86_64.rpm  
firefox-debugsource-102.9.0-4.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25751  
https://access.redhat.com/security/cve/CVE-2023-25752  
https://access.redhat.com/security/cve/CVE-2023-28162  
https://access.redhat.com/security/cve/CVE-2023-28164  
https://access.redhat.com/security/cve/CVE-2023-28176  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7dzjgjWX9erEAQixHg//RWiaOesinr2/sJLEG5HsiPRSNlVGLKDs  
Vz4jRqnM+E1ssJ81zR9IAacb2tRFroYIWfJzCfy3N+gnyJ6MZa8fXmf9P955tNNm  
zTWvRp3pqm6pDDS5wuL/26lMEQu+UwCOIWV7av3QfLTNoNhmUXvQNlcgy5Aamq9m  
WSLdIxNEA+cmeEHuxfaG8vj6lXPH7WtuZ06dB1YP+x8d09HbWrIgSPjVstefEN1A  
vDNrFeYfDeFM/lI6PM50M837fAuUYmcndp5NOn0f3qWtVcCRRFFDED/tPgtjQfN9  
g5Ot+d39s7RILw999HHFg9kNZowjxvs+u/YQJogcUVJd0jZ3hW1Bg6pGwLYs2sBq  
vp4HXNT+xYkXzvDgcO94Sj/lU8jLPJjbUkmISLNjxHdqYDKSza5yrTTucvB/+ZmG  
TeSiyNhy4+XireUkz2IO6n16ZrtbK0KrHERPvSeTXQZ8x5OpScfUvcPLrLe8/AbL  
Tazrl1LJskPWYqLaEQH1M9zhSnAQgUcrva3pIJFIwDZDz3Hzwhur/3o3knVhGWyG  
shNGxJW27BowQrfT2rTJc3RkHCjSHL2QgB5ZHmpZl9p6wxTLlUN8sgP3eTg41zzd  
iPZgpyWgjzOyzTFXB8MCdGzIMDgltpAkNN4e6jRGXTS4QDCzpl4sFW8GM44hiUDp  
v1BFUoMfblo=s9X6  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1445-01

Red Hat Security Advisory 2023-1444-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:1444-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1444  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-25751 CVE-2023-25752 CVE-2023-28162  
                   CVE-2023-28164 CVE-2023-28176  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.9.0 ESR.

Security Fix(es):

* Mozilla: Incorrect code generation during JIT compilation  
(CVE-2023-25751)

* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9  
(CVE-2023-28176)

* Mozilla: Potential out-of-bounds when accessing throttled streams  
(CVE-2023-25752)

* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)

* Mozilla: URL being dragged from a removed cross-origin iframe into the  
same tab triggered navigation (CVE-2023-28164)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2178458 - CVE-2023-25751 Mozilla: Incorrect code generation during JIT compilation  
2178460 - CVE-2023-25752 Mozilla: Potential out-of-bounds when accessing throttled streams  
2178466 - CVE-2023-28162 Mozilla: Invalid downcast in Worklets  
2178470 - CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation  
2178472 - CVE-2023-28176 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
firefox-102.9.0-4.el8_4.src.rpm

aarch64:  
firefox-102.9.0-4.el8_4.aarch64.rpm  
firefox-debuginfo-102.9.0-4.el8_4.aarch64.rpm  
firefox-debugsource-102.9.0-4.el8_4.aarch64.rpm

ppc64le:  
firefox-102.9.0-4.el8_4.ppc64le.rpm  
firefox-debuginfo-102.9.0-4.el8_4.ppc64le.rpm  
firefox-debugsource-102.9.0-4.el8_4.ppc64le.rpm

s390x:  
firefox-102.9.0-4.el8_4.s390x.rpm  
firefox-debuginfo-102.9.0-4.el8_4.s390x.rpm  
firefox-debugsource-102.9.0-4.el8_4.s390x.rpm

x86_64:  
firefox-102.9.0-4.el8_4.x86_64.rpm  
firefox-debuginfo-102.9.0-4.el8_4.x86_64.rpm  
firefox-debugsource-102.9.0-4.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25751  
https://access.redhat.com/security/cve/CVE-2023-25752  
https://access.redhat.com/security/cve/CVE-2023-28162  
https://access.redhat.com/security/cve/CVE-2023-28164  
https://access.redhat.com/security/cve/CVE-2023-28176  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7dzjgjWX9erEAQjFAw/+POMLis7JDkGsJrJysMHCnABjVMQOFj2o  
eTv2yQG5FekOOXpbeoR9hNWZmI3EKQ6weJtRSKqcPZHC5vBpoTLAPr1gJ8r6eR6f  
msbEAczb9Qx2b5f6b95bvnWrrdVDOV+hso1QTJZhSSXWtcdiHgX3RnyUx3kvqcCx  
v9aib86RhZBKBt6IsXpNOFjKzR9tGXghHgN6tUrvc1h894GmcC4yjZj5jAcwzyQS  
gOytV4CjzZnfUaU0J2mOs5KW+nt0zmhMC9U/hHBeS5WWGfO4w+psk79GoZi0MBzQ  
DWehVqtblQWO/4eYRnAm2kfKlV9wKoRAXnZfSKfLE2we+R5csIxFNXCSjhXf94c5  
cvNZiLisQj3qDlo0tEZZSNUYV+CUs5Ay2W2ultkBVTqkWcJSwygW+9Ff0SCxTZUA  
1nciKqoCCdc7sh5cy7lyR7S73gDWp1iPpg+1zrEpsrSIQ8pKSmeoXFyKO/ALiEai  
qlCkpjM91uUipDDFuvSC6EyQPmwYzyo3BfPe33pK+eIhDxNnTx8J7aVgH/dfvY7U  
OHkHWWZfzM68zGhFa1ddA2HwghNGVn//g+xrG9U1QJzf83hcLkC6NxIfmkfJODom  
yRgo93DpoCuOtPYp2I8oCEyncmB0D3YOWDzn+k5+BQH7V5dAeHMRiiELjs14Tnqo  
50sdrHMYz/g£8J  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1444-01

Red Hat Security Advisory 2023-1437-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openssl security update  
Advisory ID:       RHSA-2023:1437-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1437  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-0286  
====================================================================  
1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and  
Transport Layer Security (TLS) protocols, as well as a full-strength  
general-purpose cryptography library.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library  
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
openssl-1.1.1c-6.el8_1.src.rpm

aarch64:  
openssl-1.1.1c-6.el8_1.aarch64.rpm  
openssl-debuginfo-1.1.1c-6.el8_1.aarch64.rpm  
openssl-debugsource-1.1.1c-6.el8_1.aarch64.rpm  
openssl-devel-1.1.1c-6.el8_1.aarch64.rpm  
openssl-libs-1.1.1c-6.el8_1.aarch64.rpm  
openssl-libs-debuginfo-1.1.1c-6.el8_1.aarch64.rpm  
openssl-perl-1.1.1c-6.el8_1.aarch64.rpm

ppc64le:  
openssl-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-debuginfo-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-debugsource-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-devel-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-libs-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1c-6.el8_1.ppc64le.rpm  
openssl-perl-1.1.1c-6.el8_1.ppc64le.rpm

s390x:  
openssl-1.1.1c-6.el8_1.s390x.rpm  
openssl-debuginfo-1.1.1c-6.el8_1.s390x.rpm  
openssl-debugsource-1.1.1c-6.el8_1.s390x.rpm  
openssl-devel-1.1.1c-6.el8_1.s390x.rpm  
openssl-libs-1.1.1c-6.el8_1.s390x.rpm  
openssl-libs-debuginfo-1.1.1c-6.el8_1.s390x.rpm  
openssl-perl-1.1.1c-6.el8_1.s390x.rpm

x86_64:  
openssl-1.1.1c-6.el8_1.x86_64.rpm  
openssl-debuginfo-1.1.1c-6.el8_1.i686.rpm  
openssl-debuginfo-1.1.1c-6.el8_1.x86_64.rpm  
openssl-debugsource-1.1.1c-6.el8_1.i686.rpm  
openssl-debugsource-1.1.1c-6.el8_1.x86_64.rpm  
openssl-devel-1.1.1c-6.el8_1.i686.rpm  
openssl-devel-1.1.1c-6.el8_1.x86_64.rpm  
openssl-libs-1.1.1c-6.el8_1.i686.rpm  
openssl-libs-1.1.1c-6.el8_1.x86_64.rpm  
openssl-libs-debuginfo-1.1.1c-6.el8_1.i686.rpm  
openssl-libs-debuginfo-1.1.1c-6.el8_1.x86_64.rpm  
openssl-perl-1.1.1c-6.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7dzjgjWX9erEAQj2fBAAonoENVQK1z0o1faaI5kJcpcjudplrNTx  
CWn5Q1bA7ZOU+8F4kocdGWUHfF7IIFHmcV/bfkz0pyOEx14pHdi4gbfp7DHMg+vh  
TnJBtCqCJVGWmoDu4qUzm81w96lSgRTFweoMdk8DZL8GBfPF7ZW4q46A8oBCxkXC  
jQ1gAhHZEfeDKCSsQ+JJvtjSZdAKCf3iDimy6FMFHDLg9hqXns+UXZ+7mJD3UpLP  
gqfzM8a1+YonxtC1piovlY7KaWV7EpgufVCzILjwXiLeKivfUo4SGDdw+fsv5rzr  
ex1qOKg9mucu3nq5eoZaOomtrvhFW9P8igS1aZVWNcdhv/nbYBkhUZ04U9wwnOru  
t5936OJzyl5gQxKTA3RCX45z4qs6TUE07DB4LYSrmXj1yQXZcwahJIB5/N63ttbn  
pqt04m9xLybFsn2+8TCOiBwfZUkrKsoepjBVrqcC05yfL41fsoZao7ZwLSiptByZ  
UO5Xy4wUQjOIRCqUkquE2GidOhVdIvQhrjOj2tsaW3vHSXsYLICBxru5fOTKsNdz  
fKdIDy0S62gU2QQeSWBukCIZTnWw7sfxWZJ1p4M//JgbA5njA59iBTv+zNSQ93pr  
I/GPiwNZInjgIWFPaUkrvn0O5VejKPb+i6Mz5ACd8GJPWOFxjxDCbnarqAlaMi7D  
s7TQu68jDN4ÏEA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1437-01

Red Hat Security Advisory 2023-1439-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openssl security update  
Advisory ID:       RHSA-2023:1439-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1439  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-0286  
====================================================================  
1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and  
Transport Layer Security (TLS) protocols, as well as a full-strength  
general-purpose cryptography library.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library  
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName

6. Package List:

Red Hat Enterprise Linux BaseOS AUS (v. 8.2):

Source:  
openssl-1.1.1c-21.el8_2.src.rpm

aarch64:  
openssl-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.aarch64.rpm  
openssl-devel-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-perl-1.1.1c-21.el8_2.aarch64.rpm

ppc64le:  
openssl-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debugsource-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-devel-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-perl-1.1.1c-21.el8_2.ppc64le.rpm

s390x:  
openssl-1.1.1c-21.el8_2.s390x.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-debugsource-1.1.1c-21.el8_2.s390x.rpm  
openssl-devel-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-perl-1.1.1c-21.el8_2.s390x.rpm

x86_64:  
openssl-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.i686.rpm  
openssl-debugsource-1.1.1c-21.el8_2.x86_64.rpm  
openssl-devel-1.1.1c-21.el8_2.i686.rpm  
openssl-devel-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-perl-1.1.1c-21.el8_2.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.2):

Source:  
openssl-1.1.1c-21.el8_2.src.rpm

aarch64:  
openssl-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.aarch64.rpm  
openssl-devel-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-perl-1.1.1c-21.el8_2.aarch64.rpm

ppc64le:  
openssl-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debugsource-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-devel-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-perl-1.1.1c-21.el8_2.ppc64le.rpm

s390x:  
openssl-1.1.1c-21.el8_2.s390x.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-debugsource-1.1.1c-21.el8_2.s390x.rpm  
openssl-devel-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-perl-1.1.1c-21.el8_2.s390x.rpm

x86_64:  
openssl-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.i686.rpm  
openssl-debugsource-1.1.1c-21.el8_2.x86_64.rpm  
openssl-devel-1.1.1c-21.el8_2.i686.rpm  
openssl-devel-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-perl-1.1.1c-21.el8_2.x86_64.rpm

Red Hat Enterprise Linux BaseOS TUS (v. 8.2):

Source:  
openssl-1.1.1c-21.el8_2.src.rpm

aarch64:  
openssl-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.aarch64.rpm  
openssl-devel-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-1.1.1c-21.el8_2.aarch64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.aarch64.rpm  
openssl-perl-1.1.1c-21.el8_2.aarch64.rpm

ppc64le:  
openssl-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-debugsource-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-devel-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.ppc64le.rpm  
openssl-perl-1.1.1c-21.el8_2.ppc64le.rpm

s390x:  
openssl-1.1.1c-21.el8_2.s390x.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-debugsource-1.1.1c-21.el8_2.s390x.rpm  
openssl-devel-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-1.1.1c-21.el8_2.s390x.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.s390x.rpm  
openssl-perl-1.1.1c-21.el8_2.s390x.rpm

x86_64:  
openssl-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-debugsource-1.1.1c-21.el8_2.i686.rpm  
openssl-debugsource-1.1.1c-21.el8_2.x86_64.rpm  
openssl-devel-1.1.1c-21.el8_2.i686.rpm  
openssl-devel-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-1.1.1c-21.el8_2.x86_64.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.i686.rpm  
openssl-libs-debuginfo-1.1.1c-21.el8_2.x86_64.rpm  
openssl-perl-1.1.1c-21.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7NzjgjWX9erEAQh6gw//WJqLt9YyobqWOBG/NpiC73QzLQWHbVIh  
QPwDMXRYgHGUynZzutvtJsO2wAuWlplIdvKkHQRqYBFLJBVjZMz1PzgFm5EWZiY9  
4VNXNiP95rAU/IyhBqJKiHMtIfqmQPhO9DD/BKafUjc54umAowSBmZyHL5LnCtka  
XApVLo035R1mwUNWQsc0pOULWRDNKoYjZE7QR9ioUkQKSNC9zBgUXnS08uPh7BHD  
HjxsugjqH/3HNaLzF+56oKmFsZpbw9ZSnOfoM8pqBl1+A7twToR/8VvEKfvfhbid  
v+PaAH7SQcavJq7ot9p9dpNvfd161QXtK9tQXmbNC/WLSY3pYy4ju7GdDfedeS45  
63tDSkN1TVTiZnYJ4DcvEovWKfERLfw0ejdn0vQwAEHYEVlqFGsGMDFsHw3QTMGN  
hF8ynU/OB+pXOe2/V0PTvXix1c9NemE3jejQH/+I54TJTv0MWtSpq9jVTwGiqEFl  
oNoO4TQqPWHhOhfPYy7Kwom200ND6PKsiHdfSNlpB7SWbWXsvscY6Bn9JN8E9rff  
ubQcuoFR/9i8t9hoj2mPr/vcAqc5l/g75KwhHZD870gwuf7BgzOWQdmGlmA8KKRx  
9qmiwEZxPbQ0GL4hFX3H5LKntkt8w6DlhCXQzlM7cWZHI7M5jj7mxjlYJ4EDRC5C  
NZEzG8SUmpA=Knf2  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1439-01

Red Hat Security Advisory 2023-1441-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openssl security update  
Advisory ID:       RHSA-2023:1441-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1441  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-0286  
====================================================================  
1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and  
Transport Layer Security (TLS) protocols, as well as a full-strength  
general-purpose cryptography library.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library  
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
openssl-1.1.1k-8.el8_6.src.rpm

aarch64:  
openssl-1.1.1k-8.el8_6.aarch64.rpm  
openssl-debuginfo-1.1.1k-8.el8_6.aarch64.rpm  
openssl-debugsource-1.1.1k-8.el8_6.aarch64.rpm  
openssl-devel-1.1.1k-8.el8_6.aarch64.rpm  
openssl-libs-1.1.1k-8.el8_6.aarch64.rpm  
openssl-libs-debuginfo-1.1.1k-8.el8_6.aarch64.rpm  
openssl-perl-1.1.1k-8.el8_6.aarch64.rpm

ppc64le:  
openssl-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-debuginfo-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-debugsource-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-devel-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-libs-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-libs-debuginfo-1.1.1k-8.el8_6.ppc64le.rpm  
openssl-perl-1.1.1k-8.el8_6.ppc64le.rpm

s390x:  
openssl-1.1.1k-8.el8_6.s390x.rpm  
openssl-debuginfo-1.1.1k-8.el8_6.s390x.rpm  
openssl-debugsource-1.1.1k-8.el8_6.s390x.rpm  
openssl-devel-1.1.1k-8.el8_6.s390x.rpm  
openssl-libs-1.1.1k-8.el8_6.s390x.rpm  
openssl-libs-debuginfo-1.1.1k-8.el8_6.s390x.rpm  
openssl-perl-1.1.1k-8.el8_6.s390x.rpm

x86_64:  
openssl-1.1.1k-8.el8_6.x86_64.rpm  
openssl-debuginfo-1.1.1k-8.el8_6.i686.rpm  
openssl-debuginfo-1.1.1k-8.el8_6.x86_64.rpm  
openssl-debugsource-1.1.1k-8.el8_6.i686.rpm  
openssl-debugsource-1.1.1k-8.el8_6.x86_64.rpm  
openssl-devel-1.1.1k-8.el8_6.i686.rpm  
openssl-devel-1.1.1k-8.el8_6.x86_64.rpm  
openssl-libs-1.1.1k-8.el8_6.i686.rpm  
openssl-libs-1.1.1k-8.el8_6.x86_64.rpm  
openssl-libs-debuginfo-1.1.1k-8.el8_6.i686.rpm  
openssl-libs-debuginfo-1.1.1k-8.el8_6.x86_64.rpm  
openssl-perl-1.1.1k-8.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7NzjgjWX9erEAQjEGRAAk+B4NZVXOw/6ESexdRQa3UoAJBzJ6KaY  
IUjQ45hsLjQQd6bYj79D4V6onHaCUZwxD5KPzAL8rz29gfUJbN5dAef4F1Zq+k3Y  
5dutPiVFLZ5C5wuX2cPgKp6GOsShlwWR/D3pjO67L+oeQEoYJ1K9nhqc5Pg/2dbJ  
5mPejApHZ5iw6V3XQq8s9hHmkRB+dF7jKzRFjttBk3Enec5Y93krT90L0oKkarcd  
Q6oNqtcQBnMK2994D9LdKri9uYBZ+PTpgchfGxsIaceeJwGaslNxyNAbsk5bywHC  
3F7ajsM/VkbpEPYqonjX4Ww+SjR4qnfBAhSJDn88GP29I0htmNlsk8zRpwbKpdxn  
J2CbdgHASLoKMa6+o3tpkSQgwgTjoL4Z9yQvCTW1O6Q+21lKEfwCIqoh70BzINy3  
fN13qgUocmC2H7DT/cM1yxG849qUt0QCN0Y6UmIZytzdfTPib5ZR0PK7z8NEPih8  
cFr2uIGKa2UvisJ8wtSQ3KiIWjy+cU7zbPJAh6QDch82wLPrBTy7koyB+9qbZ408  
Whff+suKBHWxNXLwjnS2N6U7uodZry0cCTlusoi8VrLLkg64LY4++VQZfofUmjqz  
WSFFcRGdZNbCi9XFWCJWZ+suiNiuRyKhzM7y8GlAyCdHb1uzk7g4fKIiUkd0tthT  
FS5/PuRmzNI=pQbM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1441-01

Red Hat Security Advisory 2023-1438-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: openssl security update  
Advisory ID:       RHSA-2023:1438-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1438  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-0286  
====================================================================  
1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 6  
Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6 ELS) - i386, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 6 ELS) - i386, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and  
Transport Layer Security (TLS) protocols, as well as a full-strength  
general-purpose cryptography library.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library  
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName

6. Package List:

Red Hat Enterprise Linux Server (v. 6 ELS):

Source:  
openssl-1.0.1e-61.el6_10.src.rpm

i386:  
openssl-1.0.1e-61.el6_10.i686.rpm  
openssl-debuginfo-1.0.1e-61.el6_10.i686.rpm  
openssl-devel-1.0.1e-61.el6_10.i686.rpm

s390x:  
openssl-1.0.1e-61.el6_10.s390.rpm  
openssl-1.0.1e-61.el6_10.s390x.rpm  
openssl-debuginfo-1.0.1e-61.el6_10.s390.rpm  
openssl-debuginfo-1.0.1e-61.el6_10.s390x.rpm  
openssl-devel-1.0.1e-61.el6_10.s390.rpm  
openssl-devel-1.0.1e-61.el6_10.s390x.rpm

x86_64:  
openssl-1.0.1e-61.el6_10.i686.rpm  
openssl-1.0.1e-61.el6_10.x86_64.rpm  
openssl-debuginfo-1.0.1e-61.el6_10.i686.rpm  
openssl-debuginfo-1.0.1e-61.el6_10.x86_64.rpm  
openssl-devel-1.0.1e-61.el6_10.i686.rpm  
openssl-devel-1.0.1e-61.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6 ELS):

i386:  
openssl-debuginfo-1.0.1e-61.el6_10.i686.rpm  
openssl-perl-1.0.1e-61.el6_10.i686.rpm  
openssl-static-1.0.1e-61.el6_10.i686.rpm

s390x:  
openssl-debuginfo-1.0.1e-61.el6_10.s390x.rpm  
openssl-perl-1.0.1e-61.el6_10.s390x.rpm  
openssl-static-1.0.1e-61.el6_10.s390x.rpm

x86_64:  
openssl-debuginfo-1.0.1e-61.el6_10.x86_64.rpm  
openssl-perl-1.0.1e-61.el6_10.x86_64.rpm  
openssl-static-1.0.1e-61.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7NzjgjWX9erEAQjEng/9H4eD9JfHPrMo7I2nNn5BmFSsAkVKGJmH  
S+UwS28apMed5VKlk+kZuBlJh3q6FhE2TlEU+bQ2FjJCFi77UWzlI4upEvjbq//1  
p+U+3/mW1safS9tGkWzQ412ZyEJFwmiO5LwBdzTg8MFwt1DnE3Dqhx+DD5DY19hN  
+v8tOPVDKG7WthUB0bnzI38GKAo6xCNwHXAH/22SRgBMbxMp6PY9NoiXpNt8YON3  
YFIW16qvTpjfWtKvalhmg97icKyxEh/hOXThHgaLT8m39NfiMrb0uNYMOsPuYos8  
/uXuQXSlGCfKSAf6wz1KMa94fg9p1GXuW2dLM+hgjENcIKGFiB6Wqp6LrrIezT1j  
0v4XRtcTp6Qhq2YR+053EI1VBZa7Uj0icWiN8o0efgOezX7LdyucRMa7jWkPac72  
ewpf59CSsUuvuh8+DJhZAr1bnK1LDiP9WwAmL6KC7pe+/hGGHuPNxmA3bB2pNRXu  
k9CAuxTtpEGqM8NpvvtnixNJ/vhvJ1r7jQErwVDLSBNlYEtEDxPk7TsDxdhlA2Tf  
o6aZi4yMFDdJSrktR96t+xthkgjkHicMn3wt+XSFzXAWNf0+nBR6Jm8PxD19eApB  
DDI0U0Alkd1mG9EehN/gDegTorACR+lJccdgc0O+j37rtMNuxGT9LpiwWJj5xn7i  
dKBbvGOB2ok=W1uu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1438-01

Red Hat Security Advisory 2023-1442-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.9.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:1442-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1442  
Issue date:        2023-03-23  
CVE Names:         CVE-2023-25751 CVE-2023-25752 CVE-2023-28162  
                   CVE-2023-28164 CVE-2023-28176  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.9.0.

Security Fix(es):

* Mozilla: Incorrect code generation during JIT compilation  
(CVE-2023-25751)

* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9  
(CVE-2023-28176)

* Mozilla: Potential out-of-bounds when accessing throttled streams  
(CVE-2023-25752)

* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)

* Mozilla: URL being dragged from a removed cross-origin iframe into the  
same tab triggered navigation (CVE-2023-28164)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2178458 - CVE-2023-25751 Mozilla: Incorrect code generation during JIT compilation  
2178460 - CVE-2023-25752 Mozilla: Potential out-of-bounds when accessing throttled streams  
2178466 - CVE-2023-28162 Mozilla: Invalid downcast in Worklets  
2178470 - CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation  
2178472 - CVE-2023-28176 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.9.0-2.el8_1.src.rpm

ppc64le:  
thunderbird-102.9.0-2.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.9.0-2.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.9.0-2.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.9.0-2.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.9.0-2.el8_1.x86_64.rpm  
thunderbird-debugsource-102.9.0-2.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25751  
https://access.redhat.com/security/cve/CVE-2023-25752  
https://access.redhat.com/security/cve/CVE-2023-28162  
https://access.redhat.com/security/cve/CVE-2023-28164  
https://access.redhat.com/security/cve/CVE-2023-28176  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBxs7dzjgjWX9erEAQiDhQ//WZN53iMM+vQklg2sgeqWFU4w9622Ndy2  
UiCyKDvrDPVaT09ZKpjvjVFVMitQ/D4M4P7HVvyduqA2rs/DMoAF5OcDHKJKzJpn  
AlOy4ti6dsnozKSmuzAl9UbZqiuvevnoangePNvnClxEvDX8svAxTrARIJ0AkC1F  
OmBpycj2C7B3MzSLcw1WtiL5rDkV06Za2oGB2h5Bj5u6Nw+frx6qZ2EBR6Lwhbfh  
qgZ78hj0bd/kaPLwZOmWaYfjA0Fl6xPdnWwlYQsefDmHJeyatO8fEuNTaNNFnBuf  
nZSnuCNRY0D+WUXChA2sRvc4+tJkeoBIL7XVBYocSOZDChpHBBk5uYTAavE9npYh  
t3T/ji28j0EN4F6SjUKA/BrCb4YMngDozHbhflbUNReKc/TN3O9BtD1Owy0gw3/N  
YRW93nrDaZ/FuaKm4o3rzJDXYaiYWWcm8aaQALqZq3jnTYaq7Mov9ARNEkOYSXKX  
ZnkkDJNIkUWsdxispXx/qacTR6jxePEeX3fC5/nYIuKr19mbxJpbErU4+3WrXwpt  
pmB/Vl2sybnvqr0wdM4LSTbfsnVfRn/+rqBUJC2n8wRPeTp2HzXF3Sv5cV+Fw8Oy  
0pFAHaOdU7eC1yMluHdw9a51wJH6U3G8L5SJp7uHPH9fSRpHocS+ncbQ1+eGMvRD  
WlWFLUh+aHo=5PlR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#red_hat