Red Hat Security Advisory 2022-7183-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:7183-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7183  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-39236 CVE-2022-39249 CVE-2022-39250  
                   CVE-2022-39251 CVE-2022-42927 CVE-2022-42928  
                   CVE-2022-42929 CVE-2022-42932  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.4.0.

Security Fix(es):

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an  
impersonation attack by malicious server administrators (CVE-2022-39249)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device  
verification attack (CVE-2022-39250)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an  
impersonation attack (CVE-2022-39251)

* Mozilla: Same-origin policy violation could have leaked cross-origin URLs  
(CVE-2022-42927)

* Mozilla: Memory Corruption in JS Engine (CVE-2022-42928)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data  
corruption issue (CVE-2022-39236)

* Mozilla: Denial of Service via window.print (CVE-2022-42929)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird  
102.4 (CVE-2022-42932)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2135391 - CVE-2022-39236 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue  
2135393 - CVE-2022-39249 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators  
2135395 - CVE-2022-39250 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack  
2135396 - CVE-2022-39251 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack  
2136156 - CVE-2022-42927 Mozilla: Same-origin policy violation could have leaked cross-origin URLs  
2136157 - CVE-2022-42928 Mozilla: Memory Corruption in JS Engine  
2136158 - CVE-2022-42929 Mozilla: Denial of Service via window.print  
2136159 - CVE-2022-42932 Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird 102.4

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.4.0-1.el8_1.src.rpm

ppc64le:  
thunderbird-102.4.0-1.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.4.0-1.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.4.0-1.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.4.0-1.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.4.0-1.el8_1.x86_64.rpm  
thunderbird-debugsource-102.4.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-39236  
https://access.redhat.com/security/cve/CVE-2022-39249  
https://access.redhat.com/security/cve/CVE-2022-39250  
https://access.redhat.com/security/cve/CVE-2022-39251  
https://access.redhat.com/security/cve/CVE-2022-42927  
https://access.redhat.com/security/cve/CVE-2022-42928  
https://access.redhat.com/security/cve/CVE-2022-42929  
https://access.redhat.com/security/cve/CVE-2022-42932  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1go6NzjgjWX9erEAQjVRw//Yk2rJA0Dzf3HfI55D93gio6R57HpiydD  
V0PRvN2Om+I0EAG+qwqBcft3DPKWbD+oICs/f4y7DkPbLGsI9N9EbvnI6yUrWABn  
S3b1mq2QHN8Od3xC3ehS48TPVkLqRRErC87x0tBmm+mtBBNJdT950A/PtVH8xj+p  
y32bOAOj8G5pLQb8PBM06mpT2u3vZpNVqHA23BWISVDVPgkuA7gXLxXu11iYRWRt  
bhKkgj81QJpB8o8OwGtDQqkN9QFLyWo3I6+D6scfihHEOBiP3bAukeKtHcHm2W47  
y2Q006CsZDmHSEBeY4YpHz8H0IqhEOF8drTF4RVDxCoApSvgv1ntAxUO6+tWnfwA  
wTceJAXop1JAA/GVF/QQ4d3EZIs8NbjwMZd8P98do8HF4WYCxJAtA0L4H17WPCkM  
0IwVmDHvV4xU/S/6qJrdq/OiZEwXGx1JT7Zu9h8Qn+jA81kIAvgOBlFOkk8UMXFR  
oOF+EkUDNsYNdSIYBRxaNZ/JahEHnzxuJc0l9O0wfhDk6wrrI2AwGteH6VHgXINJ  
oEK9gnRlgc0QIK5EsuIcV0TYuErHC6mS1+tiCl4t0pcf1Yt53VZWkilNlAv4isAt  
iwFbQFSnbzCuKiYo1My5ZGA5CYwE9L4PzAdRbIasAlb2XIeJ+uCFCCIaqJLbPwKd  
GR9GNZWj+Fo=Z1ER  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7183-01

Red Hat Security Advisory 2022-7186-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: device-mapper-multipath security update  
Advisory ID:       RHSA-2022:7186-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7186  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-41974  
====================================================================  
1. Summary:

An update for device-mapper-multipath is now available for Red Hat  
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The device-mapper-multipath packages provide tools that use the  
device-mapper multipath kernel module to manage multipath devices.

Security Fix(es):

* device-mapper-multipath: Authorization bypass, multipathd daemon listens  
for client connections on an abstract Unix socket (CVE-2022-41974)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2133988 - CVE-2022-41974 device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
device-mapper-multipath-0.4.9-136.el7_9.src.rpm

x86_64:  
device-mapper-multipath-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.x86_64.rpm  
kpartx-0.4.9-136.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-sysvinit-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-0.4.9-136.el7_9.i686.rpm  
libdmmp-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-devel-0.4.9-136.el7_9.i686.rpm  
libdmmp-devel-0.4.9-136.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
device-mapper-multipath-0.4.9-136.el7_9.src.rpm

x86_64:  
device-mapper-multipath-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.x86_64.rpm  
kpartx-0.4.9-136.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-sysvinit-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-0.4.9-136.el7_9.i686.rpm  
libdmmp-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-devel-0.4.9-136.el7_9.i686.rpm  
libdmmp-devel-0.4.9-136.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
device-mapper-multipath-0.4.9-136.el7_9.src.rpm

ppc64:  
device-mapper-multipath-0.4.9-136.el7_9.ppc64.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.ppc.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.ppc64.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.ppc.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.ppc64.rpm  
kpartx-0.4.9-136.el7_9.ppc64.rpm

ppc64le:  
device-mapper-multipath-0.4.9-136.el7_9.ppc64le.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.ppc64le.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.ppc64le.rpm  
kpartx-0.4.9-136.el7_9.ppc64le.rpm

s390x:  
device-mapper-multipath-0.4.9-136.el7_9.s390x.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.s390.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.s390x.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.s390.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.s390x.rpm  
kpartx-0.4.9-136.el7_9.s390x.rpm

x86_64:  
device-mapper-multipath-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.x86_64.rpm  
kpartx-0.4.9-136.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.ppc.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.ppc64.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.ppc.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.ppc64.rpm  
device-mapper-multipath-sysvinit-0.4.9-136.el7_9.ppc64.rpm  
libdmmp-0.4.9-136.el7_9.ppc.rpm  
libdmmp-0.4.9-136.el7_9.ppc64.rpm  
libdmmp-devel-0.4.9-136.el7_9.ppc.rpm  
libdmmp-devel-0.4.9-136.el7_9.ppc64.rpm

ppc64le:  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.ppc64le.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.ppc64le.rpm  
device-mapper-multipath-sysvinit-0.4.9-136.el7_9.ppc64le.rpm  
libdmmp-0.4.9-136.el7_9.ppc64le.rpm  
libdmmp-devel-0.4.9-136.el7_9.ppc64le.rpm

s390x:  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.s390.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.s390x.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.s390.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.s390x.rpm  
device-mapper-multipath-sysvinit-0.4.9-136.el7_9.s390x.rpm  
libdmmp-0.4.9-136.el7_9.s390.rpm  
libdmmp-0.4.9-136.el7_9.s390x.rpm  
libdmmp-devel-0.4.9-136.el7_9.s390.rpm  
libdmmp-devel-0.4.9-136.el7_9.s390x.rpm

x86_64:  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-sysvinit-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-0.4.9-136.el7_9.i686.rpm  
libdmmp-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-devel-0.4.9-136.el7_9.i686.rpm  
libdmmp-devel-0.4.9-136.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
device-mapper-multipath-0.4.9-136.el7_9.src.rpm

x86_64:  
device-mapper-multipath-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-libs-0.4.9-136.el7_9.x86_64.rpm  
kpartx-0.4.9-136.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-debuginfo-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.i686.rpm  
device-mapper-multipath-devel-0.4.9-136.el7_9.x86_64.rpm  
device-mapper-multipath-sysvinit-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-0.4.9-136.el7_9.i686.rpm  
libdmmp-0.4.9-136.el7_9.x86_64.rpm  
libdmmp-devel-0.4.9-136.el7_9.i686.rpm  
libdmmp-devel-0.4.9-136.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41974  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1gpG9zjgjWX9erEAQgMzQ//Q/iLVKSzeXypnL500ie7uo9YyHTlaeIt  
wu7iWluFzMRtEVgO9EUC23D6Ts31WTtpF96DPdp3O0wfKtZaAgGnyieQ9Krj8hsW  
6QpKBNm77p/IkOH9VtQD8CxJujQDbm2UAxL82N7tJooq8rXHhXrbt6qY6v0eZwx3  
WJcoOMjBeU6BCEQqTRuiPxcZxhWllWVZtmCE7wdxiGMktRKswb5YFMdbJh+JbwHT  
fHDbPAU+MBm4htDC+7U2et3SKjsZPhjPb89F6O3kKw6hrVj/dVpbcO1MzMQ3EKOu  
ZKLb/UBmlgQvuzjzK+W/dh3yeRgJMyFTG57+79eEkMZTCR+q3sAAp+AqREQR8Zeg  
LNxrVHjScknMY2reBGa0BGMkna6D/jsYcCJjijpf1qi987NIZLcotHRPBIqNvXoL  
BtAlXCVVb3J1cvPXRrkVQLs8kN2NLpw8WC6TEYAhL2EZs68iPVHbvJz1NoCENNfa  
06FkN0L89UDhBa3JQkb36qvv3IVGBIgKQRBCJwMQX9WXvbR2RWCnE5IIP4+H5jW2  
l9QV3QYK6jqucGSqinAXOKpbzr+aUXd5wNdKJOhR3GFIO+SPc/kWrLJPbxomZAaU  
2XA599Gp03n1k6rd1L3BYpAGzcR28M9LqU5KKpbrjFvxi+kkGx/p2uVgYyigd6ar  
dihUETdfe2w=J3Nl  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7186-01

Red Hat Security Advisory 2022-7171-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2022:7171-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7171  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-2588  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.6  
Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update  
Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64  
Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64  
Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64  
Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* a use-after-free in cls_route filter implementation may lead to privilege  
escalation (CVE-2022-2588)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* backports from upstream for netfilter (BZ#2120635)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.6):

Source:  
kernel-3.10.0-957.99.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-957.99.1.el7.noarch.rpm  
kernel-doc-3.10.0-957.99.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-devel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-headers-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-957.99.1.el7.x86_64.rpm  
perf-3.10.0-957.99.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.6):

Source:  
kernel-3.10.0-957.99.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-957.99.1.el7.noarch.rpm  
kernel-doc-3.10.0-957.99.1.el7.noarch.rpm

ppc64le:  
kernel-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-bootwrapper-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-debug-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-devel-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-headers-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-tools-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-tools-libs-3.10.0-957.99.1.el7.ppc64le.rpm  
perf-3.10.0-957.99.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
python-perf-3.10.0-957.99.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm

x86_64:  
kernel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-devel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-headers-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-957.99.1.el7.x86_64.rpm  
perf-3.10.0-957.99.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.6):

Source:  
kernel-3.10.0-957.99.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-957.99.1.el7.noarch.rpm  
kernel-doc-3.10.0-957.99.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-devel-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-headers-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-957.99.1.el7.x86_64.rpm  
perf-3.10.0-957.99.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.6):

x86_64:  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-957.99.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.6):

ppc64le:  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-debug-devel-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
kernel-tools-libs-devel-3.10.0-957.99.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm

x86_64:  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-957.99.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.6):

x86_64:  
kernel-debug-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-957.99.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1gohNzjgjWX9erEAQh9jxAAo0hX0U836zHymb/7X8cI2lgKfgeq8NPl  
lmjvq+JVJ60emyzSrM/tU6/pWrr59SuMN2YuSLU9WgMOFn5q3kMzF0Puht0Vg299  
Uv7UOMhzgJgJIPcZIjfSKULD++vINonnMSEKg5mxEr9YXKHx+wxnYG+1quullwif  
bhxPZFpeNaaovzgGDTIEvAAih04pgoG+4CYbGsN5FtcIbaz6AsON3UruY8fKOftQ  
ZvwzwteOFc6D90ERu/x+NArx9tNhiwjxtFs2gBPOXQ4dDkJZI8NVygbuRh0aqmr9  
lxiFlQqTTXBcwhbCTv7LXYBcGesqpKIaYWMSiWf6s5Vv9qcUOiXKsn7tDJyZUmj3  
0AO6/S5CZZ/i6ziBtUIh5oH4wjcBSNzOzZX6fmDrgq7DSzPeZ/q2BIA13z7bq4w6  
POPMaCsSA/wNotnxlvR3voUDxBAlZ8QgrEt435AmV0nOvncdMgZYqhz18SPe/n7x  
tjBwSfYRzcTJm0oGk5WgDcMofLsQELk4iliqJDL2Td4havr4O+Om0xDQ9oxIX1s5  
GdQ+dHc8Qp0QCCAn74DoI+yz0xLubAFWUF+wKiaVaDAdAe0JWJX4kqaL/I3NqRpO  
gWZDffXyPHnvcEpsOIU7g1q7Mo7ufuFAvKT17CEXSkvJbL4J2JKkxnJWGBWgkVj6  
PdiJqkwxhgQmoq  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7171-01

Red Hat Security Advisory 2022-7185-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: device-mapper-multipath security update  
Advisory ID:       RHSA-2022:7185-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7185  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-41974  
====================================================================  
1. Summary:

An update for device-mapper-multipath is now available for Red Hat  
Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The device-mapper-multipath packages provide tools that use the  
device-mapper multipath kernel module to manage multipath devices.

Security Fix(es):

* device-mapper-multipath: Authorization bypass, multipathd daemon listens  
for client connections on an abstract Unix socket (CVE-2022-41974)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2133988 - CVE-2022-41974 device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
device-mapper-multipath-0.8.7-7.el9_0.1.src.rpm

aarch64:  
device-mapper-multipath-0.8.7-7.el9_0.1.aarch64.rpm  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.aarch64.rpm  
device-mapper-multipath-libs-0.8.7-7.el9_0.1.aarch64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm  
kpartx-0.8.7-7.el9_0.1.aarch64.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm

ppc64le:  
device-mapper-multipath-0.8.7-7.el9_0.1.ppc64le.rpm  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.ppc64le.rpm  
device-mapper-multipath-libs-0.8.7-7.el9_0.1.ppc64le.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm  
kpartx-0.8.7-7.el9_0.1.ppc64le.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm

s390x:  
device-mapper-multipath-0.8.7-7.el9_0.1.s390x.rpm  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.s390x.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.s390x.rpm  
device-mapper-multipath-libs-0.8.7-7.el9_0.1.s390x.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.s390x.rpm  
kpartx-0.8.7-7.el9_0.1.s390x.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.s390x.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.s390x.rpm

x86_64:  
device-mapper-multipath-0.8.7-7.el9_0.1.x86_64.rpm  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.x86_64.rpm  
device-mapper-multipath-libs-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-libs-0.8.7-7.el9_0.1.x86_64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm  
kpartx-0.8.7-7.el9_0.1.x86_64.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.aarch64.rpm  
device-mapper-multipath-devel-0.8.7-7.el9_0.1.aarch64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.aarch64.rpm

ppc64le:  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.ppc64le.rpm  
device-mapper-multipath-devel-0.8.7-7.el9_0.1.ppc64le.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.ppc64le.rpm

s390x:  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.s390x.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.s390x.rpm  
device-mapper-multipath-devel-0.8.7-7.el9_0.1.s390x.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.s390x.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.s390x.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.s390x.rpm

x86_64:  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-debugsource-0.8.7-7.el9_0.1.x86_64.rpm  
device-mapper-multipath-devel-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-devel-0.8.7-7.el9_0.1.x86_64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
kpartx-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.i686.rpm  
libdmmp-debuginfo-0.8.7-7.el9_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41974  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1gpMdzjgjWX9erEAQhhlxAAnLYr8LOMnAArHYkmIBZqygypwgl4J0k1  
o7ncHpmStLpV69VzD6V8NCOEeB+xgxYgMTRRsBjszKtutvPM4Sl2yZDHJS7Fyacd  
aS6GcfYz5nx4YSRSPglJ1L8vsaSz/IloIfOEs0w8sNR8CQLZBNEfAIjcVIVDLQAJ  
Hps6A48rnLbDOnYlgN5vm2UweS+hIGXzyc4jj6/kpRMcwzYSRfbWGZE++fLtal6Z  
+Ccka8OkRl6RB6kvE1YXuzwYdkL8xjWZR4PvQS3x4sKQhRI1qdjwCijaNAzuSQMy  
GUyWvwxF6FHzLDSgOCbucMGjFmpQQTx3nIw13J/7kYEKAtRkNV0OeywUmi4yguXE  
Za443sUnaGa1WvirJdrLhVySmVnR623bhbamCD90HvgGUeT6CPJ0gyZfybQWo4op  
EP51z9xlpGKcPKaMd3jkB5L81RMky5mcYLnVjWGOwhA7XfAf8zDtwk39EZztpJqd  
gHG+kCvfmqmbPntYp06wBvYeEnYnlF1dYkPJo7Df31xG0F/MrDs/qLGor6mOKpGz  
pXCX2z1v+xy7wLAFgFYj4jg9rZtNnc1SgMTYZZZGVDw7GrnzlJi76KkOxB4MzIG/  
RiWrz3+EwLQVgQVAyzmBKC26TpIkUxjZDITXX/cJTEsyIwg/CxmPpiilvPPZYusH  
PrKNM5XvBl4=INDC  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7185-01

Red Hat Security Advisory 2022-7181-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:7181-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7181  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-39236 CVE-2022-39249 CVE-2022-39250  
                   CVE-2022-39251 CVE-2022-42927 CVE-2022-42928  
                   CVE-2022-42929 CVE-2022-42932  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.4.0.

Security Fix(es):

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an  
impersonation attack by malicious server administrators (CVE-2022-39249)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device  
verification attack (CVE-2022-39250)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an  
impersonation attack (CVE-2022-39251)

* Mozilla: Same-origin policy violation could have leaked cross-origin URLs  
(CVE-2022-42927)

* Mozilla: Memory Corruption in JS Engine (CVE-2022-42928)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data  
corruption issue (CVE-2022-39236)

* Mozilla: Denial of Service via window.print (CVE-2022-42929)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird  
102.4 (CVE-2022-42932)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2135391 - CVE-2022-39236 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue  
2135393 - CVE-2022-39249 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators  
2135395 - CVE-2022-39250 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack  
2135396 - CVE-2022-39251 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack  
2136156 - CVE-2022-42927 Mozilla: Same-origin policy violation could have leaked cross-origin URLs  
2136157 - CVE-2022-42928 Mozilla: Memory Corruption in JS Engine  
2136158 - CVE-2022-42929 Mozilla: Denial of Service via window.print  
2136159 - CVE-2022-42932 Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird 102.4

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
thunderbird-102.4.0-1.el8_4.src.rpm

aarch64:  
thunderbird-102.4.0-1.el8_4.aarch64.rpm  
thunderbird-debuginfo-102.4.0-1.el8_4.aarch64.rpm  
thunderbird-debugsource-102.4.0-1.el8_4.aarch64.rpm

ppc64le:  
thunderbird-102.4.0-1.el8_4.ppc64le.rpm  
thunderbird-debuginfo-102.4.0-1.el8_4.ppc64le.rpm  
thunderbird-debugsource-102.4.0-1.el8_4.ppc64le.rpm

s390x:  
thunderbird-102.4.0-1.el8_4.s390x.rpm  
thunderbird-debuginfo-102.4.0-1.el8_4.s390x.rpm  
thunderbird-debugsource-102.4.0-1.el8_4.s390x.rpm

x86_64:  
thunderbird-102.4.0-1.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.4.0-1.el8_4.x86_64.rpm  
thunderbird-debugsource-102.4.0-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-39236  
https://access.redhat.com/security/cve/CVE-2022-39249  
https://access.redhat.com/security/cve/CVE-2022-39250  
https://access.redhat.com/security/cve/CVE-2022-39251  
https://access.redhat.com/security/cve/CVE-2022-42927  
https://access.redhat.com/security/cve/CVE-2022-42928  
https://access.redhat.com/security/cve/CVE-2022-42929  
https://access.redhat.com/security/cve/CVE-2022-42932  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1gpXtzjgjWX9erEAQgKbw//SKeJmtgvK39I4nnmnHEMvPAvQBni66S0  
ut2glMr63CN0qbsbDYHGjOm6WT4uLzFjwwiK0LmQYIfQLdQCctXBECgUdArDBNCd  
/IPrT3m1kL2If5ge4MApHKQo1c/Eicf2plY8I5R+ql0Xq9fz14WRroZ+RI12SRlO  
zuEkPAAoKABaoHqh/h5hdvsilMqSgnaPepAJbGKRsMXa9vqD2zSZaQ4FT8NR43Cc  
GUA5j5kXzheaLRyuK1KzlYxoD87F1Fc0ygzzljSi2+qjuxk+KsWRSeouVjSYH3sN  
J46fSgb55do1S8QMwzLFtb8liM8DKVENurVtWWDoG7LiZrHrGkzZq6EYEaM1b4kX  
7Yw7igMYf9yj2/n6uehQtQx0CAkVGvQ/88HlZpXzmCjs4ewfqDJ1HrlUy8p7ZnQF  
ndTPelBgUxsd2QPZT3ek8bypD5n8oKEfFUJl0qlsL6KzShmhluOuXsBVcRvp4RaV  
XgmOn3xKjJLaYrDCW3vVW6/CXTlto74OtqZRVJK71rl2W41Lpe3lJ4iontV3d1/M  
Et4XHHL4wvYHOwIFPT1iQS5Zz+phtmrs2HKwZUcSJusZp648rXi/qahfVjz5rnvh  
I7E3GfP9SvtfwQmUrJR6oiyXaSxKebbM47m3di/XmsGZ3+na1B9SdpEFBEVVYPKH  
n6JgqoRWgG8=s8XS  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7181-01

Red Hat Security Advisory 2022-7192-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: device-mapper-multipath security update  
Advisory ID:       RHSA-2022:7192-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7192  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-41974  
====================================================================  
1. Summary:

An update for device-mapper-multipath is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The device-mapper-multipath packages provide tools that use the  
device-mapper multipath kernel module to manage multipath devices.

Security Fix(es):

* device-mapper-multipath: Authorization bypass, multipathd daemon listens  
for client connections on an abstract Unix socket (CVE-2022-41974)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2133988 - CVE-2022-41974 device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
device-mapper-multipath-0.8.4-22.el8_6.2.src.rpm

aarch64:  
device-mapper-multipath-0.8.4-22.el8_6.2.aarch64.rpm  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.aarch64.rpm  
device-mapper-multipath-libs-0.8.4-22.el8_6.2.aarch64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm  
kpartx-0.8.4-22.el8_6.2.aarch64.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm  
libdmmp-0.8.4-22.el8_6.2.aarch64.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm

ppc64le:  
device-mapper-multipath-0.8.4-22.el8_6.2.ppc64le.rpm  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.ppc64le.rpm  
device-mapper-multipath-libs-0.8.4-22.el8_6.2.ppc64le.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm  
kpartx-0.8.4-22.el8_6.2.ppc64le.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm  
libdmmp-0.8.4-22.el8_6.2.ppc64le.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm

s390x:  
device-mapper-multipath-0.8.4-22.el8_6.2.s390x.rpm  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.s390x.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.s390x.rpm  
device-mapper-multipath-libs-0.8.4-22.el8_6.2.s390x.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.s390x.rpm  
kpartx-0.8.4-22.el8_6.2.s390x.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.s390x.rpm  
libdmmp-0.8.4-22.el8_6.2.s390x.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.s390x.rpm

x86_64:  
device-mapper-multipath-0.8.4-22.el8_6.2.x86_64.rpm  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.x86_64.rpm  
device-mapper-multipath-libs-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-libs-0.8.4-22.el8_6.2.x86_64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm  
kpartx-0.8.4-22.el8_6.2.x86_64.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm  
libdmmp-0.8.4-22.el8_6.2.i686.rpm  
libdmmp-0.8.4-22.el8_6.2.x86_64.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.aarch64.rpm  
device-mapper-multipath-devel-0.8.4-22.el8_6.2.aarch64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.aarch64.rpm

ppc64le:  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.ppc64le.rpm  
device-mapper-multipath-devel-0.8.4-22.el8_6.2.ppc64le.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.ppc64le.rpm

s390x:  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.s390x.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.s390x.rpm  
device-mapper-multipath-devel-0.8.4-22.el8_6.2.s390x.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.s390x.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.s390x.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.s390x.rpm

x86_64:  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-debugsource-0.8.4-22.el8_6.2.x86_64.rpm  
device-mapper-multipath-devel-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-devel-0.8.4-22.el8_6.2.x86_64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
device-mapper-multipath-libs-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
kpartx-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.i686.rpm  
libdmmp-debuginfo-0.8.4-22.el8_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41974  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1go0tzjgjWX9erEAQi1Vg/+Jqqq7oYlPu31HClxrkeh1hRVpKM4wtlL  
dhaxdCntvKop7SGOoivxAy8PwnvdeSS8792yx2UJoErMoDCMvks7wKszTiNsI1Yp  
xZdysfmVj78bnkyMfdYSm9Rqwl4I4bC2endGCz8efVREGAAHKIW/ly3rGqRZnNnG  
N1HMy4v+XSvFtGWX1TDyxLNPkxDDdEKVC/cvns+UDUnIRgQHuO3RJ36ZHnYlF8Ye  
HfDIxt1ux1fS8C5JcVBdsKj1pQ0oUs9qkUsW+qxunSTIaGgSQyT2/L8K3NzrcR5d  
ZZimoDWX65binEYUhvKGNChp3cV3lwEJogcGmyeMpP+bF6WsTMCYB3aYsIeDMB8i  
SBmzsJZlI1Eb1Xk69SNGk55MyURpK2+97op51OTdJlhqQnGxqX0UEDXWv7a1Yt4+  
pXNnEWXRDz621bkJKImYYocvsqeX3xwCFEBJuJphuqK0gtReZb1zWbjNQoh97/Vk  
enZoPwjJVakn228vjq19bcxqtAX6kKLe2aHX3PuX2Dz8v8D4qk4nHRao8mHPfkae  
jBr263ltp8DyKOkpuQM67y84xSpyaaYzgNjlSQcmAC9dNmaVOxB+3p7qINxDnj4e  
rMXIohPsciENFDLa7vFSKhC5bcYiMzd+xat75AuB2V5ExqJioh+GtVVlGNhy756m  
47fa2KnK5Ag=in8Z  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7192-01

Red Hat Security Advisory 2022-7173-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2022:7173-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7173  
Issue date:        2022-10-25  
CVE Names:         CVE-2021-3715 CVE-2022-2588  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
7.6 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server E4S (v. 7.6) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: use-after-free in route4_change() in net/sched/cls_route.c  
(CVE-2021-3715)

* kernel: a use-after-free in cls_route filter implementation may lead to  
privilege escalation (CVE-2022-2588)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1993988 - CVE-2021-3715 kernel: use-after-free in route4_change() in net/sched/cls_route.c  
2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux Server E4S (v. 7.6):

Source:  
kpatch-patch-3_10_0-957_84_1-1-6.el7.src.rpm  
kpatch-patch-3_10_0-957_92_1-1-3.el7.src.rpm  
kpatch-patch-3_10_0-957_94_1-1-2.el7.src.rpm  
kpatch-patch-3_10_0-957_95_1-1-1.el7.src.rpm  
kpatch-patch-3_10_0-957_97_1-1-1.el7.src.rpm

ppc64le:  
kpatch-patch-3_10_0-957_84_1-1-6.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_84_1-debuginfo-1-6.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_92_1-1-3.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_92_1-debuginfo-1-3.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_94_1-1-2.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_94_1-debuginfo-1-2.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_95_1-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_95_1-debuginfo-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_97_1-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-957_97_1-debuginfo-1-1.el7.ppc64le.rpm

x86_64:  
kpatch-patch-3_10_0-957_84_1-1-6.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_84_1-debuginfo-1-6.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_92_1-1-3.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_92_1-debuginfo-1-3.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_94_1-1-2.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_94_1-debuginfo-1-2.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_95_1-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_95_1-debuginfo-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_97_1-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-957_97_1-debuginfo-1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3715  
https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1gpc9zjgjWX9erEAQiy6A/8C67uLSq65p6yUadRtDHkjmZo5ep5xmmZ  
ob2WmG6yx99aLg5YGX96mpoogEU+kUOSgHKahmB+XWZGbS92a3VjPIFIprmCN/+N  
pKgyUXbiKiWmO+qYs12fqSKKoxYbloXixGukXbHbKLDjqrwV6kG0ALI5aen93PjL  
Zz204Q8X/Fs+KeOQmQZklcAmRnzFQLChVXB+UOHIK4S772llcT+GbOfVCs3mewaS  
siYv0dOU/pcclk0CZ3iF1EqKXLsQWmeh/iwZIA5M+g3IF6lhmJu1rz2oq92DmeKl  
4L2MQvBCU2XtmVchvuZVyZ3Xi8QZQfDwVu6blNdTAJsHnMgwK6JA0zB/GVvKADSx  
3pXHTAIVpKkGLjQF4PYnKez+5SUlvmbTwI6ZsAusLAtQDyOlLo5lh55NxMtINfuK  
GgNHuTKyD3aje1j8mXSMRxNkDwvl5Y2h8RPY3NDZ9XjNnTT5ks75lb1wHsWA2C4Q  
epPgCgsZ1uKaU/3SqVFaS3zHnh5wWtaZ7bJVXe87sP+t0TH8goreIhvyC0RhKNnx  
/m0acKsLvBpK6cq1eX7Gl8n7bnl6uphNhxPyodLvlcWrdICePPmsgW3KBCQ8fWYc  
aizY4umnH8cPpRI3Tb6UYsp15HPtSqvoLlBbcxLy+pF2GFJMkcpPsPEbYQ84sFfQ  
87DG6wthkiM§oV  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7173-01

Red Hat Security Advisory 2022-7177-01 - This release of Camel for Spring Boot 3.14.5 serves as a replacement for Camel for Spring Boot 3.14.2 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat Camel for Spring Boot 3.14.5 release and security update  
Advisory ID:       RHSA-2022:7177-01  
Product:           Red Hat Integration  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7177  
Issue date:        2022-10-25  
CVE Names:         CVE-2021-22573  
====================================================================  
1. Summary:

A minor version update (from 3.14.2 to 3.14.5) is now available for Camel  
for Spring Boot. The purpose of this text-only errata is to inform you  
about the security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

This release of Camel for Spring Boot 3.14.5 serves as a replacement for  
Camel for Spring Boot 3.14.2 and includes bug fixes and enhancements, which  
are documented in the Release Notes document linked in the References.

Security Fix(es):

* google-oauth-client: Token signature not verified (CVE-2021-22573)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

Installation instructions are available from the Camel for Spring Boot  
3.14.5 product documentation page.

https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4/html/getting_started_with_camel_spring_boot/index

https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q4/html/camel_spring_boot_reference/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2081879 - CVE-2021-22573 google-oauth-client: Token signature not verified

5. References:

https://access.redhat.com/security/cve/CVE-2021-22573  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version 22-Q4

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1go/dzjgjWX9erEAQi26g/+JAMO+Er0WE3LAhwS0DawXpXpxkSovbx/  
UUrOz4XA6qnalNZlpoWUKbGBzCn6B6LptCFy4p0CUURz+tLO4XLPESVMdsuVRhf4  
KK4sSTIvgR97JFT7vIijX4C90Dn++JEUdeoXJtJTHNJ+PsxHSlVLgMHyehGarkyU  
HET7pkv6EvfhotEn7lmoX2M74IxN5stjrWpBGL93IL++btTskYvt1T2L23F+naN6  
ed6D4uBtT7MxBh73drAdv+Qj9a7D396VrCur4mis42PPsH0hGfh2CZSpBxDRPDSr  
Y2/8UTPuwkOR/lCkoNkWUnvOOSdg0YjjwXY5608Xz1hAg1J7SSKPkmGU0tRGoThe  
LwQ2wURL9x3wkj2DpP74skcRhbiNrpbIxuIU42KeggPYZgNX5pP2zq/650Q97DlN  
bI2kIBgBoFyFwIKrdrn4dZP6u017a+OAQpGFRq2llLJUIZIAU2/YNtFVtKZN+QXw  
kn3B0g0kl7+XFo4VCXJ11fukYFItXHna9u4oxUCiAEk7IBlZfDPXqoEZSwoj5US2  
J1r3F9Y1zTXMWGMvrdI1soAI2ckCD9Uxvl7Ch4A76mhPyjeb6BGV0WW6kuBbkcZ8  
gZWwZoFiVXFVPFdMlTY58GJXPHnKgWr7pgNkMq6m28x9T8nvaiLWxdFt1lOD/KI8  
YxGv6/UMihY=wS+h  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7177-01

Red Hat Security Advisory 2022-7178-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:7178-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7178  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-39236 CVE-2022-39249 CVE-2022-39250  
                   CVE-2022-39251 CVE-2022-42927 CVE-2022-42928  
                   CVE-2022-42929 CVE-2022-42932  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.4.0.

Security Fix(es):

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an  
impersonation attack by malicious server administrators (CVE-2022-39249)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device  
verification attack (CVE-2022-39250)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an  
impersonation attack (CVE-2022-39251)

* Mozilla: Same-origin policy violation could have leaked cross-origin URLs  
(CVE-2022-42927)

* Mozilla: Memory Corruption in JS Engine (CVE-2022-42928)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data  
corruption issue (CVE-2022-39236)

* Mozilla: Denial of Service via window.print (CVE-2022-42929)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird  
102.4 (CVE-2022-42932)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2135391 - CVE-2022-39236 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue  
2135393 - CVE-2022-39249 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators  
2135395 - CVE-2022-39250 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack  
2135396 - CVE-2022-39251 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack  
2136156 - CVE-2022-42927 Mozilla: Same-origin policy violation could have leaked cross-origin URLs  
2136157 - CVE-2022-42928 Mozilla: Memory Corruption in JS Engine  
2136158 - CVE-2022-42929 Mozilla: Denial of Service via window.print  
2136159 - CVE-2022-42932 Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird 102.4

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
thunderbird-102.4.0-1.el9_0.src.rpm

aarch64:  
thunderbird-102.4.0-1.el9_0.aarch64.rpm  
thunderbird-debuginfo-102.4.0-1.el9_0.aarch64.rpm  
thunderbird-debugsource-102.4.0-1.el9_0.aarch64.rpm

ppc64le:  
thunderbird-102.4.0-1.el9_0.ppc64le.rpm  
thunderbird-debuginfo-102.4.0-1.el9_0.ppc64le.rpm  
thunderbird-debugsource-102.4.0-1.el9_0.ppc64le.rpm

s390x:  
thunderbird-102.4.0-1.el9_0.s390x.rpm  
thunderbird-debuginfo-102.4.0-1.el9_0.s390x.rpm  
thunderbird-debugsource-102.4.0-1.el9_0.s390x.rpm

x86_64:  
thunderbird-102.4.0-1.el9_0.x86_64.rpm  
thunderbird-debuginfo-102.4.0-1.el9_0.x86_64.rpm  
thunderbird-debugsource-102.4.0-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-39236  
https://access.redhat.com/security/cve/CVE-2022-39249  
https://access.redhat.com/security/cve/CVE-2022-39250  
https://access.redhat.com/security/cve/CVE-2022-39251  
https://access.redhat.com/security/cve/CVE-2022-42927  
https://access.redhat.com/security/cve/CVE-2022-42928  
https://access.redhat.com/security/cve/CVE-2022-42929  
https://access.redhat.com/security/cve/CVE-2022-42932  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1gpadzjgjWX9erEAQjZ2A//VFqqY+5rWTcCLtIv9aHbrYVzPr408fQQ  
HvSWWBqtCpKVpDK+cOmOTzidaKs+0VVy4MG1Ie/EYGj0524xyAFRZRuAyhqOoDD2  
0kbiURziU3ySM8XVXdekOjhiePVrH5PWTdwqm5XI5OF3Ud+1HoU3M6ZSlEb11Ctx  
/6tNQ400YK9+CLNm1tGuHwwx+LPeoo9uQOEN1R5F7S7Y3b5lb2tyc3CqwgqSVKU5  
m1SIz2wTthd1QJ7a2ZH4Ai9qCqnljDkrU4oqO8IMrngIGwjqqHBVc5Jjdmvjb0Ny  
TMMyYQh3rd5YUIH+kuaekPvd41c/te4OrsObk8WvUxwXNpbGsuFjodGw9b0lQ6W4  
HqP8doLB+J/Fgab27crgU+VdO3R55cqciIypsGaYTxmpyAdijyjgMUbjmo9ac4oL  
bdO6Oq7b4XgGBYScVmXBldADtOF9YuXEWBlk02dOsdQK2ThbFX7o8Ox2LrYwxQpI  
07UfBqx2vec8ah1h46ij4IsUZGWxvC7iMZm5n8F43c6XLhHlq9B1Ir8MbMczn6Fw  
lDqp6F/TZO/++PSC5qDnJ/OTUrf4VcMmXjQSnE7hdgtqRJNmpgl8GHGX/7l/VPrr  
zxExOGlYkKrHprthCK+9tCvYZJweJM97+tbg8Lh1XrO14jdoyfuAiPAzcYapCUo8  
6dJIRcgweh8=Wcpb  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7178-01

Red Hat Security Advisory 2022-7187-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: device-mapper-multipath security update  
Advisory ID:       RHSA-2022:7187-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7187  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-41974  
====================================================================  
1. Summary:

An update for device-mapper-multipath is now available for Red Hat  
Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The device-mapper-multipath packages provide tools that use the  
device-mapper multipath kernel module to manage multipath devices.

Security Fix(es):

* device-mapper-multipath: Authorization bypass, multipathd daemon listens  
for client connections on an abstract Unix socket (CVE-2022-41974)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2133988 - CVE-2022-41974 device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
device-mapper-multipath-0.8.0-5.el8_1.1.src.rpm

aarch64:  
device-mapper-multipath-0.8.0-5.el8_1.1.aarch64.rpm  
device-mapper-multipath-debuginfo-0.8.0-5.el8_1.1.aarch64.rpm  
device-mapper-multipath-debugsource-0.8.0-5.el8_1.1.aarch64.rpm  
device-mapper-multipath-libs-0.8.0-5.el8_1.1.aarch64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.0-5.el8_1.1.aarch64.rpm  
kpartx-0.8.0-5.el8_1.1.aarch64.rpm  
kpartx-debuginfo-0.8.0-5.el8_1.1.aarch64.rpm  
libdmmp-0.8.0-5.el8_1.1.aarch64.rpm  
libdmmp-debuginfo-0.8.0-5.el8_1.1.aarch64.rpm

ppc64le:  
device-mapper-multipath-0.8.0-5.el8_1.1.ppc64le.rpm  
device-mapper-multipath-debuginfo-0.8.0-5.el8_1.1.ppc64le.rpm  
device-mapper-multipath-debugsource-0.8.0-5.el8_1.1.ppc64le.rpm  
device-mapper-multipath-libs-0.8.0-5.el8_1.1.ppc64le.rpm  
device-mapper-multipath-libs-debuginfo-0.8.0-5.el8_1.1.ppc64le.rpm  
kpartx-0.8.0-5.el8_1.1.ppc64le.rpm  
kpartx-debuginfo-0.8.0-5.el8_1.1.ppc64le.rpm  
libdmmp-0.8.0-5.el8_1.1.ppc64le.rpm  
libdmmp-debuginfo-0.8.0-5.el8_1.1.ppc64le.rpm

s390x:  
device-mapper-multipath-0.8.0-5.el8_1.1.s390x.rpm  
device-mapper-multipath-debuginfo-0.8.0-5.el8_1.1.s390x.rpm  
device-mapper-multipath-debugsource-0.8.0-5.el8_1.1.s390x.rpm  
device-mapper-multipath-libs-0.8.0-5.el8_1.1.s390x.rpm  
device-mapper-multipath-libs-debuginfo-0.8.0-5.el8_1.1.s390x.rpm  
kpartx-0.8.0-5.el8_1.1.s390x.rpm  
kpartx-debuginfo-0.8.0-5.el8_1.1.s390x.rpm  
libdmmp-0.8.0-5.el8_1.1.s390x.rpm  
libdmmp-debuginfo-0.8.0-5.el8_1.1.s390x.rpm

x86_64:  
device-mapper-multipath-0.8.0-5.el8_1.1.x86_64.rpm  
device-mapper-multipath-debuginfo-0.8.0-5.el8_1.1.i686.rpm  
device-mapper-multipath-debuginfo-0.8.0-5.el8_1.1.x86_64.rpm  
device-mapper-multipath-debugsource-0.8.0-5.el8_1.1.i686.rpm  
device-mapper-multipath-debugsource-0.8.0-5.el8_1.1.x86_64.rpm  
device-mapper-multipath-libs-0.8.0-5.el8_1.1.i686.rpm  
device-mapper-multipath-libs-0.8.0-5.el8_1.1.x86_64.rpm  
device-mapper-multipath-libs-debuginfo-0.8.0-5.el8_1.1.i686.rpm  
device-mapper-multipath-libs-debuginfo-0.8.0-5.el8_1.1.x86_64.rpm  
kpartx-0.8.0-5.el8_1.1.x86_64.rpm  
kpartx-debuginfo-0.8.0-5.el8_1.1.i686.rpm  
kpartx-debuginfo-0.8.0-5.el8_1.1.x86_64.rpm  
libdmmp-0.8.0-5.el8_1.1.i686.rpm  
libdmmp-0.8.0-5.el8_1.1.x86_64.rpm  
libdmmp-debuginfo-0.8.0-5.el8_1.1.i686.rpm  
libdmmp-debuginfo-0.8.0-5.el8_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41974  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1gpEdzjgjWX9erEAQiEaRAAlP/4YecK4K+FocynN9Rfi2z1PgOWuJ0r  
qulW6O15pJMkGoElJlcQXqE7Bv3cBE1jdJJ0xT0WFME6nlnsUfUfKNTTwRwapmyh  
6p5wvMKzok28NY4eViTan2Hiek+enKoZC/YtSaAfQcHy/YUGxNlz5pSlDX4MGnHW  
IWCfZz3DmxpooVfxIbN8YRFgPASYBcSn7maprPScxDAvYsUfvyUcv1Eix8l1YJM3  
XmnG3CtteiWPNewkKhTbxSxV2ktGnFsm3k64wDyZtNuFHBrNCjnWdDcjAGy2Ze6l  
IYJ0uRnTtV4ApT6wwT2y/2gm4uMsPPF4fOrzem8x0/p0++xjtwm+cL0I4gXT9NIG  
dTkKPDoT0LhVDvtZkP5aiR/IwHdci2avE5pW4wGHgbODvibmXzPg3tnJAbbGPH9Y  
AzHNLxYODzqGhxjQZA+NCSBzkLVQmrwaGMx7Q6b6irR+0cbNGZjilpR57U+UnyuZ  
9iD/5R1M3hhCyFCduV8fENuNp6zrrPf3tCdzubCxkXPK85V7yFr3IeNWNKK5/Xey  
kEGwszZP48P+S1pEBhivwW/W7kM1bjUz1t6LuY8DCgV8+vggAh4+VZyOHsNiFBT0  
xo8nEFXXmsQ0k1su9vrUNSkJHnLkGFpyNxJOtF9oif6j3YEWhJWoITP/4DOT4sb/  
fIPFIvs0xH4=ZQiX  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#red_hat