Explore top 10 tips to secure your open-source projects now. Read More
×
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2023:5186-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5186 Issue date: 2023-09-18 CVE Names: CVE-2023-4863 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream AUS (v. 8.2) - x86_64 Red Hat Enterprise Linux AppStream E4S (v. 8.2) - ppc64le, x86_64 Red Hat Enterprise Linux AppStream TUS (v. 8.2) - x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.1. Security Fix(es): * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2238431 - CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec 6. Package List: Red Hat Enterprise Linux AppStream AUS (v. 8.2): Source: thunderbird-102.15.1-1.el8_2.src.rpm x86_64: thunderbird-102.15.1-1.el8_2.x86_64.rpm thunderbird-debuginfo-102.15.1-1.el8_2.x86_64.rpm thunderbird-debugsource-102.15.1-1.el8_2.x86_64.rpm Red Hat Enterprise Linux AppStream E4S (v. 8.2): Source: thunderbird-102.15.1-1.el8_2.src.rpm ppc64le: thunderbird-102.15.1-1.el8_2.ppc64le.rpm thunderbird-debuginfo-102.15.1-1.el8_2.ppc64le.rpm thunderbird-debugsource-102.15.1-1.el8_2.ppc64le.rpm x86_64: thunderbird-102.15.1-1.el8_2.x86_64.rpm thunderbird-debuginfo-102.15.1-1.el8_2.x86_64.rpm thunderbird-debugsource-102.15.1-1.el8_2.x86_64.rpm Red Hat Enterprise Linux AppStream TUS (v. 8.2): Source: thunderbird-102.15.1-1.el8_2.src.rpm x86_64: thunderbird-102.15.1-1.el8_2.x86_64.rpm thunderbird-debuginfo-102.15.1-1.el8_2.x86_64.rpm thunderbird-debugsource-102.15.1-1.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-4863 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJlCGxdAAoJENzjgjWX9erEG1sQAKBnmKj8vSNPHHRp9RltZN3l gEW11dfgB6FKVH2D9AAfr1E/rB2sETrE7nhDA7VZlqYx1zK8WXAzsrJdnihGSS7t Ggnrz/NFX8FY7VvAcqVsV4tFyhghOs2FDj8LE6JYHDexMcKZPln2g67zx3JqmsmW GudLyBQGs7rlLkOggJQ/3KZ9gEysZH+gdZyiqq999CISPFTtYP9ZiipO5AyWxnfC tyuh7PXYwfjwip/KpBUgR5Oa6Ad2HWzwP7E6oXhwJf03bREKvSx3YhVTxsTz3MNr DMcHrOs0Kd3q8+6mrO/clFjMlICkapR8Qm4168Un8fHk9xX6OqDhZvebef+NHz/M oPvLhtE7venUcANzvH9WN63emVxLEU2Rw42Mu6dHOfatWRs4KY9DFQDcGLBYsZgj HXKeibBFuQuOrKMR2KfZVfLQzhGD7H2pZkw5jZSIyHGIGgwyprTngJT6aw59tZDf DSfxtfjFEABW40ReHfCfpSZdCCJ3xoPbxp8tBrd+fTiETcxt1UWhzTB2CCo6/gfh TExCuGJ+dBuQ2NAQ1N2QfM9CHXRPyDi04zmnFJXvpK1yDWkiYHtaSQjEfdSwVJMJ ceGrzkWaWHNy8gEQxhYnwG1s74KgG+t64u84MnT8+anMosAFuvysupJIg+LnJo0w PIueuEw379MKqQstzT5m =famo -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for python3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: python3 security update Advisory ID: RHSA-2023:3935-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:3935 Issue date: 2023-06-29 CVE Names: CVE-2023-24329 ==================================================================== 1. Summary: An update for python3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to variouswindowing systems. Security Fix(es): * python: urllib.parse url blocklisting bypass (CVE-2023-24329) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2173917 - CVE-2023-24329 python: urllib.parse url blocklisting bypass 6. Package List: Red Hat Enterprise Linux AppStream AUS (v.8.2): aarch64: platform-python-debug-3.6.8-24.el8_2.1.aarch64.rpm platform-python-devel-3.6.8-24.el8_2.1.aarch64.rpm python3-debuginfo-3.6.8-24.el8_2.1.aarch64.rpm python3-debugsource-3.6.8-24.el8_2.1.aarch64.rpm python3-idle-3.6.8-24.el8_2.1.aarch64.rpm python3-tkinter-3.6.8-24.el8_2.1.aarch64.rpm ppc64le: platform-python-debug-3.6.8-24.el8_2.1.ppc64le.rpm platform-python-devel-3.6.8-24.el8_2.1.ppc64le.rpm python3-debuginfo-3.6.8-24.el8_2.1.ppc64le.rpm python3-debugsource-3.6.8-24.el8_2.1.ppc64le.rpm python3-idle-3.6.8-24.el8_2.1.ppc64le.rpm python3-tkinter-3.6.8-24.el8_2.1.ppc64le.rpm s390x: platform-python-debug-3.6.8-24.el8_2.1.s390x.rpm platform-python-devel-3.6.8-24.el8_2.1.s390x.rpm python3-debuginfo-3.6.8-24.el8_2.1.s390x.rpm python3-debugsource-3.6.8-24.el8_2.1.s390x.rpm python3-idle-3.6.8-24.el8_2.1.s390x.rpm python3-tkinter-3.6.8-24.el8_2.1.s390x.rpm x86_64: platform-python-3.6.8-24.el8_2.1.i686.rpm platform-python-debug-3.6.8-24.el8_2.1.i686.rpm platform-python-debug-3.6.8-24.el8_2.1.x86_64.rpm platform-python-devel-3.6.8-24.el8_2.1.i686.rpm platform-python-devel-3.6.8-24.el8_2.1.x86_64.rpm python3-debuginfo-3.6.8-24.el8_2.1.i686.rpm python3-debuginfo-3.6.8-24.el8_2.1.x86_64.rpm python3-debugsource-3.6.8-24.el8_2.1.i686.rpm python3-debugsource-3.6.8-24.el8_2.1.x86_64.rpm python3-idle-3.6.8-24.el8_2.1.i686.rpm python3-idle-3.6.8-24.el8_2.1.x86_64.rpm python3-test-3.6.8-24.el8_2.1.i686.rpm python3-tkinter-3.6.8-24.el8_2.1.i686.rpm python3-tkinter-3.6.8-24.el8_2.1.x86_64.rpm Red Hat Enterprise Linux AppStream E4S (v.8.2): aarch64: platform-python-debug-3.6.8-24.el8_2.1.aarch64.rpm platform-python-devel-3.6.8-24.el8_2.1.aarch64.rpm python3-debuginfo-3.6.8-24.el8_2.1.aarch64.rpm python3-debugsource-3.6.8-24.el8_2.1.aarch64.rpm python3-idle-3.6.8-24.el8_2.1.aarch64.rpm python3-tkinter-3.6.8-24.el8_2.1.aarch64.rpm ppc64le: platform-python-debug-3.6.8-24.el8_2.1.ppc64le.rpm platform-python-devel-3.6.8-24.el8_2.1.ppc64le.rpm python3-debuginfo-3.6.8-24.el8_2.1.ppc64le.rpm python3-debugsource-3.6.8-24.el8_2.1.ppc64le.rpm python3-idle-3.6.8-24.el8_2.1.ppc64le.rpm python3-tkinter-3.6.8-24.el8_2.1.ppc64le.rpm s390x: platform-python-debug-3.6.8-24.el8_2.1.s390x.rpm platform-python-devel-3.6.8-24.el8_2.1.s390x.rpm python3-debuginfo-3.6.8-24.el8_2.1.s390x.rpm python3-debugsource-3.6.8-24.el8_2.1.s390x.rpm python3-idle-3.6.8-24.el8_2.1.s390x.rpm python3-tkinter-3.6.8-24.el8_2.1.s390x.rpm x86_64: platform-python-3.6.8-24.el8_2.1.i686.rpm platform-python-debug-3.6.8-24.el8_2.1.i686.rpm platform-python-debug-3.6.8-24.el8_2.1.x86_64.rpm platform-python-devel-3.6.8-24.el8_2.1.i686.rpm platform-python-devel-3.6.8-24.el8_2.1.x86_64.rpm python3-debuginfo-3.6.8-24.el8_2.1.i686.rpm python3-debuginfo-3.6.8-24.el8_2.1.x86_64.rpm python3-debugsource-3.6.8-24.el8_2.1.i686.rpm python3-debugsource-3.6.8-24.el8_2.1.x86_64.rpm python3-idle-3.6.8-24.el8_2.1.i686.rpm python3-idle-3.6.8-24.el8_2.1.x86_64.rpm python3-test-3.6.8-24.el8_2.1.i686.rpm python3-tkinter-3.6.8-24.el8_2.1.i686.rpm python3-tkinter-3.6.8-24.el8_2.1.x86_64.rpm Red Hat Enterprise Linux AppStream TUS (v.8.2): aarch64: platform-python-debug-3.6.8-24.el8_2.1.aarch64.rpm platform-python-devel-3.6.8-24.el8_2.1.aarch64.rpm python3-debuginfo-3.6.8-24.el8_2.1.aarch64.rpm python3-debugsource-3.6.8-24.el8_2.1.aarch64.rpm python3-idle-3.6.8-24.el8_2.1.aarch64.rpm python3-tkinter-3.6.8-24.el8_2.1.aarch64.rpm ppc64le: platform-python-debug-3.6.8-24.el8_2.1.ppc64le.rpm platform-python-devel-3.6.8-24.el8_2.1.ppc64le.rpm python3-debuginfo-3.6.8-24.el8_2.1.ppc64le.rpm python3-debugsource-3.6.8-24.el8_2.1.ppc64le.rpm python3-idle-3.6.8-24.el8_2.1.ppc64le.rpm python3-tkinter-3.6.8-24.el8_2.1.ppc64le.rpm s390x: platform-python-debug-3.6.8-24.el8_2.1.s390x.rpm platform-python-devel-3.6.8-24.el8_2.1.s390x.rpm python3-debuginfo-3.6.8-24.el8_2.1.s390x.rpm python3-debugsource-3.6.8-24.el8_2.1.s390x.rpm python3-idle-3.6.8-24.el8_2.1.s390x.rpm python3-tkinter-3.6.8-24.el8_2.1.s390x.rpm x86_64: platform-python-3.6.8-24.el8_2.1.i686.rpm platform-python-debug-3.6.8-24.el8_2.1.i686.rpm platform-python-debug-3.6.8-24.el8_2.1.x86_64.rpm platform-python-devel-3.6.8-24.el8_2.1.i686.rpm platform-python-devel-3.6.8-24.el8_2.1.x86_64.rpm python3-debuginfo-3.6.8-24.el8_2.1.i686.rpm python3-debuginfo-3.6.8-24.el8_2.1.x86_64.rpm python3-debugsource-3.6.8-24.el8_2.1.i686.rpm python3-debugsource-3.6.8-24.el8_2.1.x86_64.rpm python3-idle-3.6.8-24.el8_2.1.i686.rpm python3-idle-3.6.8-24.el8_2.1.x86_64.rpm python3-test-3.6.8-24.el8_2.1.i686.rpm python3-tkinter-3.6.8-24.el8_2.1.i686.rpm python3-tkinter-3.6.8-24.el8_2.1.x86_64.rpm Red Hat Enterprise Linux BaseOS AUS (v.8.2): Source: python3-3.6.8-24.el8_2.1.src.rpm aarch64: platform-python-3.6.8-24.el8_2.1.aarch64.rpm python3-debuginfo-3.6.8-24.el8_2.1.aarch64.rpm python3-debugsource-3.6.8-24.el8_2.1.aarch64.rpm python3-libs-3.6.8-24.el8_2.1.aarch64.rpm python3-test-3.6.8-24.el8_2.1.aarch64.rpm ppc64le: platform-python-3.6.8-24.el8_2.1.ppc64le.rpm python3-debuginfo-3.6.8-24.el8_2.1.ppc64le.rpm python3-debugsource-3.6.8-24.el8_2.1.ppc64le.rpm python3-libs-3.6.8-24.el8_2.1.ppc64le.rpm python3-test-3.6.8-24.el8_2.1.ppc64le.rpm s390x: platform-python-3.6.8-24.el8_2.1.s390x.rpm python3-debuginfo-3.6.8-24.el8_2.1.s390x.rpm python3-debugsource-3.6.8-24.el8_2.1.s390x.rpm python3-libs-3.6.8-24.el8_2.1.s390x.rpm python3-test-3.6.8-24.el8_2.1.s390x.rpm x86_64: platform-python-3.6.8-24.el8_2.1.x86_64.rpm python3-debuginfo-3.6.8-24.el8_2.1.i686.rpm python3-debuginfo-3.6.8-24.el8_2.1.x86_64.rpm python3-debugsource-3.6.8-24.el8_2.1.i686.rpm python3-debugsource-3.6.8-24.el8_2.1.x86_64.rpm python3-libs-3.6.8-24.el8_2.1.i686.rpm python3-libs-3.6.8-24.el8_2.1.x86_64.rpm python3-test-3.6.8-24.el8_2.1.x86_64.rpm Red Hat Enterprise Linux BaseOS E4S (v.8.2): Source: python3-3.6.8-24.el8_2.1.src.rpm aarch64: platform-python-3.6.8-24.el8_2.1.aarch64.rpm python3-debuginfo-3.6.8-24.el8_2.1.aarch64.rpm python3-debugsource-3.6.8-24.el8_2.1.aarch64.rpm python3-libs-3.6.8-24.el8_2.1.aarch64.rpm python3-test-3.6.8-24.el8_2.1.aarch64.rpm ppc64le: platform-python-3.6.8-24.el8_2.1.ppc64le.rpm python3-debuginfo-3.6.8-24.el8_2.1.ppc64le.rpm python3-debugsource-3.6.8-24.el8_2.1.ppc64le.rpm python3-libs-3.6.8-24.el8_2.1.ppc64le.rpm python3-test-3.6.8-24.el8_2.1.ppc64le.rpm s390x: platform-python-3.6.8-24.el8_2.1.s390x.rpm python3-debuginfo-3.6.8-24.el8_2.1.s390x.rpm python3-debugsource-3.6.8-24.el8_2.1.s390x.rpm python3-libs-3.6.8-24.el8_2.1.s390x.rpm python3-test-3.6.8-24.el8_2.1.s390x.rpm x86_64: platform-python-3.6.8-24.el8_2.1.x86_64.rpm python3-debuginfo-3.6.8-24.el8_2.1.i686.rpm python3-debuginfo-3.6.8-24.el8_2.1.x86_64.rpm python3-debugsource-3.6.8-24.el8_2.1.i686.rpm python3-debugsource-3.6.8-24.el8_2.1.x86_64.rpm python3-libs-3.6.8-24.el8_2.1.i686.rpm python3-libs-3.6.8-24.el8_2.1.x86_64.rpm python3-test-3.6.8-24.el8_2.1.x86_64.rpm Red Hat Enterprise Linux BaseOS TUS (v.8.2): Source: python3-3.6.8-24.el8_2.1.src.rpm aarch64: platform-python-3.6.8-24.el8_2.1.aarch64.rpm python3-debuginfo-3.6.8-24.el8_2.1.aarch64.rpm python3-debugsource-3.6.8-24.el8_2.1.aarch64.rpm python3-libs-3.6.8-24.el8_2.1.aarch64.rpm python3-test-3.6.8-24.el8_2.1.aarch64.rpm ppc64le: platform-python-3.6.8-24.el8_2.1.ppc64le.rpm python3-debuginfo-3.6.8-24.el8_2.1.ppc64le.rpm python3-debugsource-3.6.8-24.el8_2.1.ppc64le.rpm python3-libs-3.6.8-24.el8_2.1.ppc64le.rpm python3-test-3.6.8-24.el8_2.1.ppc64le.rpm s390x: platform-python-3.6.8-24.el8_2.1.s390x.rpm python3-debuginfo-3.6.8-24.el8_2.1.s390x.rpm python3-debugsource-3.6.8-24.el8_2.1.s390x.rpm python3-libs-3.6.8-24.el8_2.1.s390x.rpm python3-test-3.6.8-24.el8_2.1.s390x.rpm x86_64: platform-python-3.6.8-24.el8_2.1.x86_64.rpm python3-debuginfo-3.6.8-24.el8_2.1.i686.rpm python3-debuginfo-3.6.8-24.el8_2.1.x86_64.rpm python3-debugsource-3.6.8-24.el8_2.1.i686.rpm python3-debugsource-3.6.8-24.el8_2.1.x86_64.rpm python3-libs-3.6.8-24.el8_2.1.i686.rpm python3-libs-3.6.8-24.el8_2.1.x86_64.rpm python3-test-3.6.8-24.el8_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-24329 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZJ2oadzjgjWX9erEAQiJUw//cm+GryGNF/S6G7uNgBtheJjxEjNWZSJ6 NB+T82pFhKcwW622k5i6WnyUTCi4d8/WeNiFGYb5RHcRpjpfRRUj5H1dTuxd7fYb GZLV07+sTrqGcFvWi0k+d6jro7h5BzhaRHJBeP7WIfl55dGEZ3njRHwTcOV6HiIx KOA//8m2nGp58F/74OGSLlshq+MXpkO6XFK2PobkHmLdC1w+DDZbFvh3f2oJdoVr W8aJ9BJjs70+rrPU75wKyCIhe2BO06hGzNS8MvmApzHsYCS7Q4COfs7kYy0E5tWt kNAnwV4BE+SHKqKdWbuUWUfupzTSa3MxbxmRTgLU81qgZ9kPCtkzkAo/dt1mwcKT PfNMEUcITj+mlhhD5dzPtdMVsylHr/xRsQPKUMchEGrUBh6u1CrBKTnpSSMqOTTg nq8oefdIWfTmBQMr8n33wNHT1L+XCFTGDjiPceNENebSrRbYmGbIUbIEnR8TjWMz q8Etzznqx2HX3wRbuVLk4C3FFZk0XwHiAcrp/6U6A/sNFPHCbZTUgUSpsO8yDfW2 l12MgE68Vl2d+a64MdiTLHHZvI6jiNWehr7uSYqq/k8/jjLALL/bdTB4O36gRd2r J1mzlJwN0+edKXAz/szP0nouJ7Gr2YZmOoypLeD0OxSj2rs8S5Hk/nR++7E6fIwN PIg+ALHDcPM=KTTg -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for freerdp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: freerdp security update Advisory ID: RHSA-2023:2851-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2851 Issue date: 2023-05-16 CVE Names: CVE-2022-39282 CVE-2022-39283 CVE-2022-39316 CVE-2022-39317 CVE-2022-39318 CVE-2022-39319 CVE-2022-39320 CVE-2022-39347 CVE-2022-41877 ==================================================================== 1. Summary: An update for freerdp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es): * freerdp: clients using `/parallel` command line switch might read uninitialized data (CVE-2022-39282) * freerdp: clients using the `/video` command line switch might read uninitialized data (CVE-2022-39283) * freerdp: out of bounds read in zgfx decoder (CVE-2022-39316) * freerdp: undefinedbehaviour in zgfx decoder (CVE-2022-39317) * freerdp: division by zero in urbdrc channel (CVE-2022-39318) * freerdp: missing length validation in urbdrc channel (CVE-2022-39319) * freerdp: heap buffer overflow in urbdrc channel (CVE-2022-39320) * freerdp: missing path sanitation with `drive` channel (CVE-2022-39347) * freerdp: missing input length validation in `drive` channel (CVE-2022-41877) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2134713 - CVE-2022-39282 freerdp: clients using `/parallel` command line switch might read uninitialized data 2134717 - CVE-2022-39283 freerdp: clients using the `/video` command line switch might read uninitialized data 2143642 - CVE-2022-39316 freerdp: out of bounds read in zgfx decoder 2143643 - CVE-2022-39317 freerdp: undefined behaviour in zgfx decoder 2143644 - CVE-2022-39318 freerdp: division by zero in urbdrc channel 2143645 - CVE-2022-39319 freerdp: missing length validation in urbdrc channel 2143646 - CVE-2022-39320 freerdp: heap buffer overflow in urbdrc channel 2143647 - CVE-2022-39347 freerdp: missing path sanitation with `drive` channel 2143648 - CVE-2022-41877 freerdp: missing input length validation in `drive` channel 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: freerdp-2.2.0-10.el8.src.rpm aarch64: freerdp-2.2.0-10.el8.aarch64.rpm freerdp-debuginfo-2.2.0-10.el8.aarch64.rpm freerdp-debugsource-2.2.0-10.el8.aarch64.rpm freerdp-libs-2.2.0-10.el8.aarch64.rpm freerdp-libs-debuginfo-2.2.0-10.el8.aarch64.rpm libwinpr-2.2.0-10.el8.aarch64.rpm libwinpr-debuginfo-2.2.0-10.el8.aarch64.rpm libwinpr-devel-2.2.0-10.el8.aarch64.rpm ppc64le: freerdp-2.2.0-10.el8.ppc64le.rpm freerdp-debuginfo-2.2.0-10.el8.ppc64le.rpm freerdp-debugsource-2.2.0-10.el8.ppc64le.rpm freerdp-libs-2.2.0-10.el8.ppc64le.rpm freerdp-libs-debuginfo-2.2.0-10.el8.ppc64le.rpm libwinpr-2.2.0-10.el8.ppc64le.rpm libwinpr-debuginfo-2.2.0-10.el8.ppc64le.rpm libwinpr-devel-2.2.0-10.el8.ppc64le.rpm s390x: freerdp-2.2.0-10.el8.s390x.rpm freerdp-debuginfo-2.2.0-10.el8.s390x.rpm freerdp-debugsource-2.2.0-10.el8.s390x.rpm freerdp-libs-2.2.0-10.el8.s390x.rpm freerdp-libs-debuginfo-2.2.0-10.el8.s390x.rpm libwinpr-2.2.0-10.el8.s390x.rpm libwinpr-debuginfo-2.2.0-10.el8.s390x.rpm libwinpr-devel-2.2.0-10.el8.s390x.rpm x86_64: freerdp-2.2.0-10.el8.x86_64.rpm freerdp-debuginfo-2.2.0-10.el8.i686.rpm freerdp-debuginfo-2.2.0-10.el8.x86_64.rpm freerdp-debugsource-2.2.0-10.el8.i686.rpm freerdp-debugsource-2.2.0-10.el8.x86_64.rpm freerdp-libs-2.2.0-10.el8.i686.rpm freerdp-libs-2.2.0-10.el8.x86_64.rpm freerdp-libs-debuginfo-2.2.0-10.el8.i686.rpm freerdp-libs-debuginfo-2.2.0-10.el8.x86_64.rpm libwinpr-2.2.0-10.el8.i686.rpm libwinpr-2.2.0-10.el8.x86_64.rpm libwinpr-debuginfo-2.2.0-10.el8.i686.rpm libwinpr-debuginfo-2.2.0-10.el8.x86_64.rpm libwinpr-devel-2.2.0-10.el8.i686.rpm libwinpr-devel-2.2.0-10.el8.x86_64.rpm Red Hat Enterprise Linux CRB (v.8): aarch64: freerdp-debuginfo-2.2.0-10.el8.aarch64.rpm freerdp-debugsource-2.2.0-10.el8.aarch64.rpm freerdp-devel-2.2.0-10.el8.aarch64.rpm freerdp-libs-debuginfo-2.2.0-10.el8.aarch64.rpm libwinpr-debuginfo-2.2.0-10.el8.aarch64.rpm ppc64le: freerdp-debuginfo-2.2.0-10.el8.ppc64le.rpm freerdp-debugsource-2.2.0-10.el8.ppc64le.rpm freerdp-devel-2.2.0-10.el8.ppc64le.rpm freerdp-libs-debuginfo-2.2.0-10.el8.ppc64le.rpm libwinpr-debuginfo-2.2.0-10.el8.ppc64le.rpm s390x: freerdp-debuginfo-2.2.0-10.el8.s390x.rpm freerdp-debugsource-2.2.0-10.el8.s390x.rpm freerdp-devel-2.2.0-10.el8.s390x.rpm freerdp-libs-debuginfo-2.2.0-10.el8.s390x.rpm libwinpr-debuginfo-2.2.0-10.el8.s390x.rpm x86_64: freerdp-debuginfo-2.2.0-10.el8.i686.rpm freerdp-debuginfo-2.2.0-10.el8.x86_64.rpm freerdp-debugsource-2.2.0-10.el8.i686.rpm freerdp-debugsource-2.2.0-10.el8.x86_64.rpm freerdp-devel-2.2.0-10.el8.i686.rpm freerdp-devel-2.2.0-10.el8.x86_64.rpm freerdp-libs-debuginfo-2.2.0-10.el8.i686.rpm freerdp-libs-debuginfo-2.2.0-10.el8.x86_64.rpm libwinpr-debuginfo-2.2.0-10.el8.i686.rpm libwinpr-debuginfo-2.2.0-10.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-39282 https://access.redhat.com/security/cve/CVE-2022-39283 https://access.redhat.com/security/cve/CVE-2022-39316 https://access.redhat.com/security/cve/CVE-2022-39317 https://access.redhat.com/security/cve/CVE-2022-39318 https://access.redhat.com/security/cve/CVE-2022-39319 https://access.redhat.com/security/cve/CVE-2022-39320 https://access.redhat.com/security/cve/CVE-2022-39347 https://access.redhat.com/security/cve/CVE-2022-41877 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.8_release_notes/index 8. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZGNwFtzjgjWX9erEAQiavQ/+O4yHxylDY+RhBfMyL02mMrl5HnhDYqcI Sf6c+WVKqoMwuGAGfOLddYyxRsgUjlVJO6v1xzySPIXm77ukUYnDcrZGNSfdnlNq 238JNZWHhEUqY96vabfs0fFXS5l1gSmvQ5iKp+S5MSL20OohFXQWkfnfDDIU97lw vSrPfgqalWDow9JEg/NVG2dERskDv2ZcHqcsYCyWMu3SAUZ2/V44xtjSjGqxBrqG Z06SLlUrJCIX1L39doI04AuK/znxf5jJoDEAfMgJXh6FSFiR81EFKKG0DYcYPYIl PUIjiIpyGzXEpJrk0looJIX9GaN94YbXQRmi9peFnIVctf4sjsufEXGfKi+YgLna 1o5ncLYaL2q16AJ6H2f25aivS543X9ZwIVN5bGiDvWaqNyADl8PDnJMagBK8atR8 tM7MCCtF6cvj203OsjAtisHGZNxE5o6ZkQIWx49FJjTfIMFX5j9zPBH384nnq8pg mJxqvaw3Z2wG6rGiinWhpMeemMJ7lAhdDek0A5RrIRbcsjvWWmCe5YLXHwG2jE3T c10DdlwLuRGxURioThhlpG8nhtS7QL5lGUT7rkEkxGb+ng4ll8XAFbCrrddGS3tf +k5rw/ulUIxeRFxM/KBod3Vw1VdbS3HsC2seKQryh4DiTj/ojI3LMe6I28rfLsKp 076nDSx3a0Y=fpa0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for libtiff is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libtiff security update Advisory ID: RHSA-2023:2340-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2340 Issue date: 2023-05-09 CVE Names: CVE-2022-3570 CVE-2022-3597 CVE-2022-3598 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-3970 CVE-2022-4645 CVE-2023-30774 CVE-2023-30775 ==================================================================== 1. Summary: An update for libtiff is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * libtiff: heap Buffer overflows in tiffcrop.c (CVE-2022-3570) * libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix (CVE-2022-3597) * libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c (CVE-2022-3598) * libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c (CVE-2022-3599) * libtiff: out-of-bounds write in_TIFFmemset in libtiff/tif_unix.c (CVE-2022-3626) * libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (CVE-2022-3627) * libtiff: integer overflow in function TIFFReadRGBATileExt of the file (CVE-2022-3970) * libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645) * libtiff: heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value (CVE-2023-30774) * libtiff: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c (CVE-2023-30775) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running applications linked against libtiff must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2142734 - CVE-2022-3570 libtiff: heap Buffer overflows in tiffcrop.c 2142736 - CVE-2022-3597 libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix 2142738 - CVE-2022-3598 libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c 2142740 - CVE-2022-3599 libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c 2142741 - CVE-2022-3626 libtiff: out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c 2142742 - CVE-2022-3627 libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c 2148918 - CVE-2022-3970 libtiff: integer overflow in function TIFFReadRGBATileExt of the file 2176220 - CVE-2022-4645 libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c 2187139 - CVE-2023-30774 libtiff: heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value 2187141 - CVE-2023-30775libtiff: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: libtiff-4.4.0-7.el9.src.rpm aarch64: libtiff-4.4.0-7.el9.aarch64.rpm libtiff-debuginfo-4.4.0-7.el9.aarch64.rpm libtiff-debugsource-4.4.0-7.el9.aarch64.rpm libtiff-devel-4.4.0-7.el9.aarch64.rpm libtiff-tools-debuginfo-4.4.0-7.el9.aarch64.rpm ppc64le: libtiff-4.4.0-7.el9.ppc64le.rpm libtiff-debuginfo-4.4.0-7.el9.ppc64le.rpm libtiff-debugsource-4.4.0-7.el9.ppc64le.rpm libtiff-devel-4.4.0-7.el9.ppc64le.rpm libtiff-tools-debuginfo-4.4.0-7.el9.ppc64le.rpm s390x: libtiff-4.4.0-7.el9.s390x.rpm libtiff-debuginfo-4.4.0-7.el9.s390x.rpm libtiff-debugsource-4.4.0-7.el9.s390x.rpm libtiff-devel-4.4.0-7.el9.s390x.rpm libtiff-tools-debuginfo-4.4.0-7.el9.s390x.rpm x86_64: libtiff-4.4.0-7.el9.i686.rpm libtiff-4.4.0-7.el9.x86_64.rpm libtiff-debuginfo-4.4.0-7.el9.i686.rpm libtiff-debuginfo-4.4.0-7.el9.x86_64.rpm libtiff-debugsource-4.4.0-7.el9.i686.rpm libtiff-debugsource-4.4.0-7.el9.x86_64.rpm libtiff-devel-4.4.0-7.el9.i686.rpm libtiff-devel-4.4.0-7.el9.x86_64.rpm libtiff-tools-debuginfo-4.4.0-7.el9.i686.rpm libtiff-tools-debuginfo-4.4.0-7.el9.x86_64.rpm Red Hat Enterprise Linux CRB (v. 9): aarch64: libtiff-debuginfo-4.4.0-7.el9.aarch64.rpm libtiff-debugsource-4.4.0-7.el9.aarch64.rpm libtiff-tools-4.4.0-7.el9.aarch64.rpm libtiff-tools-debuginfo-4.4.0-7.el9.aarch64.rpm ppc64le: libtiff-debuginfo-4.4.0-7.el9.ppc64le.rpm libtiff-debugsource-4.4.0-7.el9.ppc64le.rpm libtiff-tools-4.4.0-7.el9.ppc64le.rpm libtiff-tools-debuginfo-4.4.0-7.el9.ppc64le.rpm s390x: libtiff-debuginfo-4.4.0-7.el9.s390x.rpm libtiff-debugsource-4.4.0-7.el9.s390x.rpm libtiff-tools-4.4.0-7.el9.s390x.rpm libtiff-tools-debuginfo-4.4.0-7.el9.s390x.rpm x86_64: libtiff-debuginfo-4.4.0-7.el9.x86_64.rpm libtiff-debugsource-4.4.0-7.el9.x86_64.rpm libtiff-tools-4.4.0-7.el9.x86_64.rpm libtiff-tools-debuginfo-4.4.0-7.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify thesignature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-3570 https://access.redhat.com/security/cve/CVE-2022-3597 https://access.redhat.com/security/cve/CVE-2022-3598 https://access.redhat.com/security/cve/CVE-2022-3599 https://access.redhat.com/security/cve/CVE-2022-3626 https://access.redhat.com/security/cve/CVE-2022-3627 https://access.redhat.com/security/cve/CVE-2022-3970 https://access.redhat.com/security/cve/CVE-2022-4645 https://access.redhat.com/security/cve/CVE-2023-30774 https://access.redhat.com/security/cve/CVE-2023-30775 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZFo1htzjgjWX9erEAQg0TA//R+KGiGbLwUXy93h5+6i5Mvvrmk5d+dtF CvtLP7jtuI0AtPcCATNn1B7EiGOvLBWkxDp0NdtFSLhnrLydOYBv6AlaM6as+gEk 2mpF9m8MiKCi5fv3PPQmUJJec/dfFQoPqQC+0TbdOhnaupKIFpaU35lY155bZqkE idGTbmkvrFGZaiFxV8hJ9H8fr8t7oYeFZKhkCzY7GEVmHMjcBCktWR+/k40RyGqo 1RE1YVmMSirgN68k4yxlr03Ykvb8i08Vq35BdCGCINvdo8Q7maz4TTPfyKpNZbwh 0VVTBRFRgLIxNa7EVJfW7rWT7dM2yyvzuCvq8YhZsiBXKCB/wycUYNYxZbcb0qKQ LnM2kGRLwKlp5JUYIfy+aLdT8s9GWly3z8+PEInuUYJUY4g+OYllnstmd4KBglrI 4qZuccRMKapLdJ3jobHe1TPRozw5/OTEktp2ySwQw1bcwpikY1pUHmHBjkJWyGp9 qolEJ2FyXl8BREcuevr8WAvFIOmILeDnqrD7qUgEuypSKfyIStd4oNeBl+G25Vn7 E5DxkMLi+EsyvJGJoG4Eh/L6hH4kdRgnWUeBz6QyJJAbKzeRCjCKQ4rnEAkd9D3L 98a7g4CEanT7dVp8qp5zeh4eo8lYAo1ZR/+163J5tynhlXCqmO7s4b7hWD0U+8Fx h34qpaEeYMU=gQd4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: pcs security update Advisory ID: RHSA-2023:0855-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:0855 Issue date: 2023-02-21 CVE Names: CVE-2022-45442 ==================================================================== 1. Summary: An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux High Availability (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Resilient Storage (v. 8) - ppc64le, s390x, x86_64 3. Description: The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * sinatra: Reflected File Download attack (CVE-2022-45442) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2153363 - CVE-2022-45442 sinatra: Reflected File Download attack 6. Package List: Red Hat Enterprise LinuxHigh Availability (v. 8): Source: pcs-0.10.14-5.el8_7.2.src.rpm aarch64: pcs-0.10.14-5.el8_7.2.aarch64.rpm pcs-snmp-0.10.14-5.el8_7.2.aarch64.rpm ppc64le: pcs-0.10.14-5.el8_7.2.ppc64le.rpm pcs-snmp-0.10.14-5.el8_7.2.ppc64le.rpm s390x: pcs-0.10.14-5.el8_7.2.s390x.rpm pcs-snmp-0.10.14-5.el8_7.2.s390x.rpm x86_64: pcs-0.10.14-5.el8_7.2.x86_64.rpm pcs-snmp-0.10.14-5.el8_7.2.x86_64.rpm Red Hat Enterprise Linux Resilient Storage (v. 8): Source: pcs-0.10.14-5.el8_7.2.src.rpm ppc64le: pcs-0.10.14-5.el8_7.2.ppc64le.rpm pcs-snmp-0.10.14-5.el8_7.2.ppc64le.rpm s390x: pcs-0.10.14-5.el8_7.2.s390x.rpm pcs-snmp-0.10.14-5.el8_7.2.s390x.rpm x86_64: pcs-0.10.14-5.el8_7.2.x86_64.rpm pcs-snmp-0.10.14-5.el8_7.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-45442 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY/S5D9zjgjWX9erEAQgwSw/+JMDnL0Qlpl0Sf8yC8DY5CSTHgjcUScjg dtCeeQI3e6QnMUyXVuiuhjxDVs8YDAzl/x3iU/3ttIRulWBsFJ4dqWe2dHCeqqqa mPcbECYgZqlfftJ+e2z2gYSmyYej4h33h5DFhdpC9WuOQVZ4FZ1UEq2fCF9g3NXV 7chby7x5+2oQQcjLxhUQPOwV0MOzMHWj0s97mRJiioQIa2sqAZKPp8mFE+OIVlti RgzS5JAD5rkyiRhq7JZneouZIdLz29+c6N47+/n1ONBfg6ZujAw9uXMdGrGVu/RA mU43bSbWY2L6a7hGYNwORRT31CzT+n8onk4M3OQo6CFLgIbj+vGzaI85Sy8mDqS/ 3Yh/n0kDpqOzo+C6hxmvMx9Rq20Pb8aaZXy/vurj0gAERBL/9UG5qSegpJIFJqPi YdcyiUMNJ40BiqSCykdrKIP6YLKhjYaWqJ/efqEGzR5D+4lctx/l3tj3vFMk6xuy 8O+ULFMMZ2PhCKvRiqBVkGwnDaBwGOMxaoOYi3XAEsiw+ZA4wMS0I/uCU3u22/40 Q2NzhTCrCjdL8so3R/bCaC96u8gY4jdGlWabb2sDzKBG1eTnVX70lwNvH18MmEaS R1dKSJeZOctt2S8JeJnXjDcEzcUEwEaYKkUdQXa7uAvaUJmV64rQOi7YgSksVX/u oXeMiPHGGGw=zaHm -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for bluez is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: bluez security update Advisory ID: RHSA-2020:4481-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4481 Issue date: 2020-11-03 CVE Names: CVE-2020-0556 ==================================================================== 1. Summary: An update for bluez is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files. Security Fix(es): * bluez: Improper access control in subsystem could result in privilege escalation and DoS (CVE-2020-0556) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1814293 - CVE-2020-0556 bluez: Improper access control in subsystem could result in privilege escalation and DoS 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: bluez-cups-5.50-4.el8.aarch64.rpm bluez-cups-debuginfo-5.50-4.el8.aarch64.rpm bluez-debuginfo-5.50-4.el8.aarch64.rpm bluez-debugsource-5.50-4.el8.aarch64.rpm bluez-hid2hci-debuginfo-5.50-4.el8.aarch64.rpm bluez-libs-debuginfo-5.50-4.el8.aarch64.rpm bluez-obexd-debuginfo-5.50-4.el8.aarch64.rpm ppc64le: bluez-cups-5.50-4.el8.ppc64le.rpm bluez-cups-debuginfo-5.50-4.el8.ppc64le.rpm bluez-debuginfo-5.50-4.el8.ppc64le.rpm bluez-debugsource-5.50-4.el8.ppc64le.rpm bluez-hid2hci-debuginfo-5.50-4.el8.ppc64le.rpm bluez-libs-debuginfo-5.50-4.el8.ppc64le.rpm bluez-obexd-debuginfo-5.50-4.el8.ppc64le.rpm s390x: bluez-cups-5.50-4.el8.s390x.rpm bluez-cups-debuginfo-5.50-4.el8.s390x.rpm bluez-debuginfo-5.50-4.el8.s390x.rpm bluez-debugsource-5.50-4.el8.s390x.rpm bluez-hid2hci-debuginfo-5.50-4.el8.s390x.rpm bluez-libs-debuginfo-5.50-4.el8.s390x.rpm bluez-obexd-debuginfo-5.50-4.el8.s390x.rpm x86_64: bluez-cups-5.50-4.el8.x86_64.rpm bluez-cups-debuginfo-5.50-4.el8.x86_64.rpm bluez-debuginfo-5.50-4.el8.x86_64.rpm bluez-debugsource-5.50-4.el8.x86_64.rpm bluez-hid2hci-debuginfo-5.50-4.el8.x86_64.rpm bluez-libs-debuginfo-5.50-4.el8.x86_64.rpm bluez-obexd-debuginfo-5.50-4.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v.8): Source: bluez-5.50-4.el8.src.rpm aarch64: bluez-5.50-4.el8.aarch64.rpm bluez-cups-debuginfo-5.50-4.el8.aarch64.rpm bluez-debuginfo-5.50-4.el8.aarch64.rpm bluez-debugsource-5.50-4.el8.aarch64.rpm bluez-hid2hci-5.50-4.el8.aarch64.rpm bluez-hid2hci-debuginfo-5.50-4.el8.aarch64.rpm bluez-libs-5.50-4.el8.aarch64.rpm bluez-libs-debuginfo-5.50-4.el8.aarch64.rpm bluez-obexd-5.50-4.el8.aarch64.rpm bluez-obexd-debuginfo-5.50-4.el8.aarch64.rpm ppc64le: bluez-5.50-4.el8.ppc64le.rpm bluez-cups-debuginfo-5.50-4.el8.ppc64le.rpm bluez-debuginfo-5.50-4.el8.ppc64le.rpm bluez-debugsource-5.50-4.el8.ppc64le.rpm bluez-hid2hci-5.50-4.el8.ppc64le.rpm bluez-hid2hci-debuginfo-5.50-4.el8.ppc64le.rpm bluez-libs-5.50-4.el8.ppc64le.rpm bluez-libs-debuginfo-5.50-4.el8.ppc64le.rpm bluez-obexd-5.50-4.el8.ppc64le.rpm bluez-obexd-debuginfo-5.50-4.el8.ppc64le.rpm s390x: bluez-5.50-4.el8.s390x.rpm bluez-cups-debuginfo-5.50-4.el8.s390x.rpm bluez-debuginfo-5.50-4.el8.s390x.rpm bluez-debugsource-5.50-4.el8.s390x.rpm bluez-hid2hci-5.50-4.el8.s390x.rpm bluez-hid2hci-debuginfo-5.50-4.el8.s390x.rpm bluez-libs-5.50-4.el8.s390x.rpm bluez-libs-debuginfo-5.50-4.el8.s390x.rpm bluez-obexd-5.50-4.el8.s390x.rpm bluez-obexd-debuginfo-5.50-4.el8.s390x.rpm x86_64: bluez-5.50-4.el8.x86_64.rpm bluez-cups-debuginfo-5.50-4.el8.i686.rpm bluez-cups-debuginfo-5.50-4.el8.x86_64.rpm bluez-debuginfo-5.50-4.el8.i686.rpm bluez-debuginfo-5.50-4.el8.x86_64.rpm bluez-debugsource-5.50-4.el8.i686.rpm bluez-debugsource-5.50-4.el8.x86_64.rpm bluez-hid2hci-5.50-4.el8.x86_64.rpm bluez-hid2hci-debuginfo-5.50-4.el8.i686.rpm bluez-hid2hci-debuginfo-5.50-4.el8.x86_64.rpm bluez-libs-5.50-4.el8.i686.rpm bluez-libs-5.50-4.el8.x86_64.rpm bluez-libs-debuginfo-5.50-4.el8.i686.rpm bluez-libs-debuginfo-5.50-4.el8.x86_64.rpm bluez-obexd-5.50-4.el8.x86_64.rpm bluez-obexd-debuginfo-5.50-4.el8.i686.rpm bluez-obexd-debuginfo-5.50-4.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v.8): aarch64: bluez-cups-debuginfo-5.50-4.el8.aarch64.rpm bluez-debuginfo-5.50-4.el8.aarch64.rpm bluez-debugsource-5.50-4.el8.aarch64.rpm bluez-hid2hci-debuginfo-5.50-4.el8.aarch64.rpm bluez-libs-debuginfo-5.50-4.el8.aarch64.rpm bluez-libs-devel-5.50-4.el8.aarch64.rpm bluez-obexd-debuginfo-5.50-4.el8.aarch64.rpm ppc64le: bluez-cups-debuginfo-5.50-4.el8.ppc64le.rpm bluez-debuginfo-5.50-4.el8.ppc64le.rpm bluez-debugsource-5.50-4.el8.ppc64le.rpm bluez-hid2hci-debuginfo-5.50-4.el8.ppc64le.rpm bluez-libs-debuginfo-5.50-4.el8.ppc64le.rpm bluez-libs-devel-5.50-4.el8.ppc64le.rpm bluez-obexd-debuginfo-5.50-4.el8.ppc64le.rpm s390x: bluez-cups-debuginfo-5.50-4.el8.s390x.rpm bluez-debuginfo-5.50-4.el8.s390x.rpm bluez-debugsource-5.50-4.el8.s390x.rpm bluez-hid2hci-debuginfo-5.50-4.el8.s390x.rpm bluez-libs-debuginfo-5.50-4.el8.s390x.rpm bluez-libs-devel-5.50-4.el8.s390x.rpm bluez-obexd-debuginfo-5.50-4.el8.s390x.rpm x86_64: bluez-cups-debuginfo-5.50-4.el8.i686.rpm bluez-cups-debuginfo-5.50-4.el8.x86_64.rpm bluez-debuginfo-5.50-4.el8.i686.rpm bluez-debuginfo-5.50-4.el8.x86_64.rpm bluez-debugsource-5.50-4.el8.i686.rpm bluez-debugsource-5.50-4.el8.x86_64.rpm bluez-hid2hci-debuginfo-5.50-4.el8.i686.rpm bluez-hid2hci-debuginfo-5.50-4.el8.x86_64.rpm bluez-libs-debuginfo-5.50-4.el8.i686.rpm bluez-libs-debuginfo-5.50-4.el8.x86_64.rpm bluez-libs-devel-5.50-4.el8.i686.rpm bluez-libs-devel-5.50-4.el8.x86_64.rpm bluez-obexd-debuginfo-5.50-4.el8.i686.rpm bluez-obexd-debuginfo-5.50-4.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2020-0556 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.3_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 RedHat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX6Iyg9zjgjWX9erEAQjo6g//a1XRLH+CmrNF+KCYq/QMwDbYDDlEDcT1 8lyh1ur6LDOBR0XNDTnA/yS2VkWqm33SJCd/eB9m5l5CIuIc9aO2vV1JvmC8WV0p cq32f/mL4MQzI53kuf/rxMed0NKTnKofGlddsf923z5r7ZjPec4lC0W5sq17ved9 qukPCZwJLdFqTdRm7yFLjLoLGzXIRAL74ELwrctzue0Gg7/r8pYoO7BKJBg3xbPv ttcyIjwT7AaX11BNmE1K2AlxOhQ+RVL27mXI4Z31844actzXJiE355BhcM8xuzDa x7kY6hg1q3Ke++8wPAbIYzo48kkukSfLJ+ih2CXLjGHDrxMOZmB4yiO1qTMQg5nM ExdTdOOl7vO55QBbu7LytB1CAQ3IRqbw96gKd+uLotoTyG+AvZwPER75ngUFyZXn owK7LTK1W2RPC5RLungj4lwKdT+FNG+/tJJqcKGopcvcKq3JMzBk0rGY1G49STCe MQKzJiF/BQ7ofKlTMSAuuy/aTFbUpHwu4gzTI7t7PyVvMSfqKyua3J+ZnnMxDwK/ uwfWZBQW6mPFeIzB8w83QlK1jFG9whUm0+q2QkIgVsXy3GDPuST1Q7ZldW9h4uLs fgCpmOLC6F83AOUh3tcUqan6Dr/pJWkMTH8ND1g0QGfvsXTkLZbA+xu8wwRRBl+l tb2UOmZ+bQ0=sWU+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: qemu-kvm security update Advisory ID: RHSA-2020:4053-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4053 Issue date: 2020-09-29 CVE Names: CVE-2020-14364 ==================================================================== 1. Summary: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.7) - x86_64 3. Description: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * QEMU: usb: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, shut down all running virtualmachines. Once all virtual machines have shut down, start them again for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1869201 - CVE-2020-14364 QEMU: usb: out-of-bounds r/w access issue while processing usb packets 6. Package List: Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7): Source: qemu-kvm-1.5.3-167.el7_7.7.src.rpm x86_64: qemu-img-1.5.3-167.el7_7.7.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.7.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.7.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.7.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7_7.7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.7): Source: qemu-kvm-1.5.3-167.el7_7.7.src.rpm x86_64: qemu-img-1.5.3-167.el7_7.7.x86_64.rpm qemu-kvm-1.5.3-167.el7_7.7.x86_64.rpm qemu-kvm-common-1.5.3-167.el7_7.7.x86_64.rpm qemu-kvm-debuginfo-1.5.3-167.el7_7.7.x86_64.rpm qemu-kvm-tools-1.5.3-167.el7_7.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-14364 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBX3NTCtzjgjWX9erEAQht1A//YHMvIDMzSbQDMN+dImOj7rS4x/HF5sKx fuN+3rZvuNMyLeL6tz9mygsA2GbfdlcL6PQSqrttzfS5DIflOrxvD3Y8SK8aJDxI IALeONd5U6p1xnLEBWk6cKvkcZvNjzpmee3P431vRKUiPyGjUruvr91FbMTewncM 4+Lu1GIN8PDpQ+zMFqBKfNgbuH5oYRfDgu8K684BvANBDznRjDEDQRsNhHhWMa9+ gNp57gW7+5oEi9l5Wv+KciCyvcO8dKke6lUon9+f8Q/F+sifpwozbiMVVMvheljg LdLBH7geKFjIxcQ+mMVNJ7RPM+ExsfqdudSse9aswJo78rSSEgRxWWb1ZIpn0svG QsRLL1LXacHmboiyzkWQ/tWO9mKR7GJkvyOGYNDX9CV1jD7S3j9IVgNhRqM3sIXP U75tnlRTzY0DpZD+AqS/bJwc967KTskVER2MPsXKWQH/AuqD8xINVpQC9rCg83R1 FdJVHOvSJj9k3Kz13p4p9VSLsmjIh9V4iVDRZii6fvmoShPB2FBYUQh/bd0JdC30 WWC/xa99A0vMhov+eUW6vTiTmzPN8ffAXOHKePPW6skvlnXTmHsbOyOJO2uH6t7T fHxpIA9GJ06CDRVi1wWOq/ITW3iU7QyFG2LYwzMw8ZWREOAxqbe9gjzr9ekKzh2u 0XaWT0AvKqU=a02r -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: mysql:8.0 security update Advisory ID: RHSA-2020:3732-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3732 Issue date: 2020-09-14 CVE Names: CVE-2019-2911 CVE-2019-2914 CVE-2019-2938 CVE-2019-2946 CVE-2019-2957 CVE-2019-2960 CVE-2019-2963 CVE-2019-2966 CVE-2019-2967 CVE-2019-2968 CVE-2019-2974 CVE-2019-2982 CVE-2019-2991 CVE-2019-2993 CVE-2019-2997 CVE-2019-2998 CVE-2019-3004 CVE-2019-3009 CVE-2019-3011 CVE-2019-3018 CVE-2020-2570 CVE-2020-2573 CVE-2020-2574 CVE-2020-2577 CVE-2020-2579 CVE-2020-2580 CVE-2020-2584 CVE-2020-2588 CVE-2020-2589 CVE-2020-2627 CVE-2020-2660 CVE-2020-2679 CVE-2020-2686 CVE-2020-2694 CVE-2020-2752 CVE-2020-2759 CVE-2020-2760 CVE-2020-2761 CVE-2020-2762 CVE-2020-2763 CVE-2020-2765 CVE-2020-2770 CVE-2020-2774 CVE-2020-2779 CVE-2020-2780 CVE-2020-2804 CVE-2020-2812 CVE-2020-2814 CVE-2020-2853 CVE-2020-2892 CVE-2020-2893 CVE-2020-2895 CVE-2020-2896 CVE-2020-2897 CVE-2020-2898 CVE-2020-2901 CVE-2020-2903 CVE-2020-2904 CVE-2020-2921 CVE-2020-2922 CVE-2020-2923 CVE-2020-2924 CVE-2020-2925 CVE-2020-2926 CVE-2020-2928 CVE-2020-2930 CVE-2020-14539 CVE-2020-14540CVE-2020-14547 CVE-2020-14550 CVE-2020-14553 CVE-2020-14559 CVE-2020-14567 CVE-2020-14568 CVE-2020-14575 CVE-2020-14576 CVE-2020-14586 CVE-2020-14597 CVE-2020-14614 CVE-2020-14619 CVE-2020-14620 CVE-2020-14623 CVE-2020-14624 CVE-2020-14631 CVE-2020-14632 CVE-2020-14633 CVE-2020-14634 CVE-2020-14641 CVE-2020-14643 CVE-2020-14651 CVE-2020-14654 CVE-2020-14656 CVE-2020-14663 CVE-2020-14678 CVE-2020-14680 CVE-2020-14697 CVE-2020-14702 CVE-2020-14725 ==================================================================== 1. Summary: An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql (8.0.21). Security Fix(es): * mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702) * mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957) * mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568,CVE-2020-14623, CVE-2020-14633, CVE-2020-14634) * mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925) * mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567) * mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725) * mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011) * mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580) * mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619) * mysql: Server: Connection unspecified vulnerability (CVE-2019-3009) * mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632) * mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620) * mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574) * mysql: Server: Logging unspecified vulnerability (CVE-2020-2770) * mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804) * mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812) * mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2020-2896, CVE-2020-14559, CVE-2020-2694) * mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898) * mysql: Server: Connection Handling unspecified vulnerability (CVE-2020-2903) * mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2020-2921) *mysql: Server: Group Replication GCS unspecified vulnerability (CVE-2020-2926) * mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553) * mysql: Server: UDF unspecified vulnerability (CVE-2020-14576) * mysql: Server: JSON unspecified vulnerability (CVE-2020-14624) * mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631) * mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651) * mysql: Server: Locking unspecified vulnerability (CVE-2020-14656) * mysql: Information Schema unspecified vulnerability (CVE-2019-2911) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the MySQL server daemon (mysqld) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1764675 - CVE-2019-2911 mysql: Information Schema unspecified vulnerability (CPU Oct 2019) 1764676 - CVE-2019-2914 mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) 1764680 - CVE-2019-2938 mysql: InnoDB unspecified vulnerability (CPU Oct 2019) 1764681 - CVE-2019-2946 mysql: Server: PS unspecified vulnerability (CPU Oct 2019) 1764684 - CVE-2019-2957 mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2019) 1764685 - CVE-2019-2960 mysql: Server: Replication unspecified vulnerability (CPU Oct 2019) 1764686 - CVE-2019-2963 mysql: InnoDB unspecified vulnerability (CPU Oct 2019) 1764687 - CVE-2019-2966 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) 1764688 - CVE-2019-2967 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) 1764689 - CVE-2019-2968 mysql: InnoDB unspecified vulnerability (CPU Oct 2019) 1764691 - CVE-2019-2974 mysql: Server:Optimizer unspecified vulnerability (CPU Oct 2019) 1764692 - CVE-2019-2982 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) 1764693 - CVE-2019-2991 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) 1764694 - CVE-2019-2993 mysql: Server: C API unspecified vulnerability (CPU Oct 2019) 1764695 - CVE-2019-2997 mysql: Server: DDL unspecified vulnerability (CPU Oct 2019) 1764696 - CVE-2019-2998 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) 1764698 - CVE-2019-3004 mysql: Server: Parser unspecified vulnerability (CPU Oct 2019) 1764699 - CVE-2019-3009 mysql: Server: Connection unspecified vulnerability (CPU Oct 2019) 1764700 - CVE-2019-3011 mysql: Server: C API unspecified vulnerability (CPU Oct 2019) 1764701 - CVE-2019-3018 mysql: InnoDB unspecified vulnerability (CPU Oct 2019) 1796880 - CVE-2020-2577 mysql: InnoDB unspecified vulnerability (CPU Jan 2020) 1796881 - CVE-2020-2579 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) 1796882 - CVE-2020-2580 mysql: Server: DDL unspecified vulnerability (CPU Jan 2020) 1796883 - CVE-2020-2584 mysql: Server: Options unspecified vulnerability (CPU Jan 2020) 1796884 - CVE-2020-2588 mysql: Server: DML unspecified vulnerability (CPU Jan 2020) 1796885 - CVE-2020-2589 mysql: InnoDB unspecified vulnerability (CPU Jan 2020) 1796886 - CVE-2020-2660 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) 1796887 - CVE-2020-2679 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) 1796888 - CVE-2020-2686 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2020) 1796889 - CVE-2020-2694 mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2020) 1796905 - CVE-2020-2627 mysql: Server: Parser unspecified vulnerability (CPU Jan 2020) 1798559 - CVE-2020-2570 mysql: C API unspecified vulnerability (CPU Jan 2020) 1798576 - CVE-2020-2573 mysql: C API unspecified vulnerability (CPU Jan 2020) 1798587 - CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020) 1830048 -CVE-2020-2759 mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) 1830049 - CVE-2020-2761 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) 1830050 - CVE-2020-2762 mysql: InnoDB unspecified vulnerability (CPU Apr 2020) 1830051 - CVE-2020-2763 mysql: Server: Replication unspecified vulnerability (CPU Apr 2020) 1830052 - CVE-2020-2765 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) 1830053 - CVE-2020-2770 mysql: Server: Logging unspecified vulnerability (CPU Apr 2020) 1830054 - CVE-2020-2774 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) 1830055 - CVE-2020-2779 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) 1830056 - CVE-2020-2780 mysql: Server: DML unspecified vulnerability (CPU Apr 2020) 1830058 - CVE-2020-2804 mysql: Server: Memcached unspecified vulnerability (CPU Apr 2020) 1830059 - CVE-2020-2812 mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) 1830060 - CVE-2020-2814 mysql: InnoDB unspecified vulnerability (CPU Apr 2020) 1830061 - CVE-2020-2853 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2020) 1830062 - CVE-2020-2892 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) 1830064 - CVE-2020-2893 mysql: InnoDB unspecified vulnerability (CPU Apr 2020) 1830066 - CVE-2020-2895 mysql: InnoDB unspecified vulnerability (CPU Apr 2020) 1830067 - CVE-2020-2896 mysql: Server: Information Schema unspecified vulnerability (CPU Apr 2020) 1830068 - CVE-2020-2897 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) 1830069 - CVE-2020-2898 mysql: Server: Charsets unspecified vulnerability (CPU Apr 2020) 1830070 - CVE-2020-2901 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) 1830071 - CVE-2020-2903 mysql: Server: Connection Handling unspecified vulnerability (CPU Apr 2020) 1830072 - CVE-2020-2904 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) 1830073 - CVE-2020-2921 mysql: Server: Group ReplicationPlugin unspecified vulnerability (CPU Apr 2020) 1830074 - CVE-2020-2923 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) 1830075 - CVE-2020-2924 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) 1830076 - CVE-2020-2925 mysql: Server: PS unspecified vulnerability (CPU Apr 2020) 1830077 - CVE-2020-2926 mysql: Server: Group Replication GCS unspecified vulnerability (CPU Apr 2020) 1830078 - CVE-2020-2928 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2020) 1830079 - CVE-2020-2930 mysql: Server: Parser unspecified vulnerability (CPU Apr 2020) 1830082 - CVE-2020-2760 mysql: InnoDB unspecified vulnerability (CPU Apr 2020) 1835849 - CVE-2020-2752 mysql: C API unspecified vulnerability (CPU Apr 2020) 1835850 - CVE-2020-2922 mysql: C API unspecified vulnerability (CPU Apr 2020) 1865945 - CVE-2020-14539 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) 1865947 - CVE-2020-14540 mysql: Server: DML unspecified vulnerability (CPU Jul 2020) 1865948 - CVE-2020-14547 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) 1865949 - CVE-2020-14550 mysql: C API unspecified vulnerability (CPU Jul 2020) 1865950 - CVE-2020-14553 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2020) 1865951 - CVE-2020-14559 mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020) 1865952 - CVE-2020-14567 mysql: Server: Replication unspecified vulnerability (CPU Jul 2020) 1865953 - CVE-2020-14568 mysql: InnoDB unspecified vulnerability (CPU Jul 2020) 1865954 - CVE-2020-14575 mysql: Server: DML unspecified vulnerability (CPU Jul 2020) 1865955 - CVE-2020-14576 mysql: Server: UDF unspecified vulnerability (CPU Jul 2020) 1865956 - CVE-2020-14586 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) 1865958 - CVE-2020-14597 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) 1865959 - CVE-2020-14614 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) 1865960 - CVE-2020-14619 mysql: Server: Parserunspecified vulnerability (CPU Jul 2020) 1865961 - CVE-2020-14620 mysql: Server: DML unspecified vulnerability (CPU Jul 2020) 1865962 - CVE-2020-14623 mysql: InnoDB unspecified vulnerability (CPU Jul 2020) 1865963 - CVE-2020-14624 mysql: Server: JSON unspecified vulnerability (CPU Jul 2020) 1865964 - CVE-2020-14631 mysql: Server: Security: Audit unspecified vulnerability (CPU Jul 2020) 1865965 - CVE-2020-14632 mysql: Server: Options unspecified vulnerability (CPU Jul 2020) 1865966 - CVE-2020-14633 mysql: InnoDB unspecified vulnerability (CPU Jul 2020) 1865967 - CVE-2020-14634 mysql: InnoDB unspecified vulnerability (CPU Jul 2020) 1865968 - CVE-2020-14641 mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) 1865969 - CVE-2020-14643 mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) 1865970 - CVE-2020-14654 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) 1865971 - CVE-2020-14656 mysql: Server: Locking unspecified vulnerability (CPU Jul 2020) 1865972 - CVE-2020-14663 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) 1865973 - CVE-2020-14678 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) 1865974 - CVE-2020-14680 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) 1865975 - CVE-2020-14697 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) 1865976 - CVE-2020-14702 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2020) 1865977 - CVE-2020-14725 mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020) 1865982 - CVE-2020-14651 mysql: Server: Security: Roles unspecified vulnerability (CPU Jul 2020) 1874040 - Module stream mysql:8.0 does not have correct module.md file [rhel-8.2.0.z] 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9.src.rpm mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.src.rpm mysql-8.0.21-1.module+el8.2.0+7855+47abd494.src.rpm aarch64: mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9.aarch64.rpm mecab-debuginfo-0.996-1.module+el8.0.0+3898+e09bb8de.9.aarch64.rpm mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9.aarch64.rpm mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.aarch64.rpm mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.aarch64.rpm mysql-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm mysql-common-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm mysql-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm mysql-debugsource-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm mysql-devel-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm mysql-devel-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm mysql-errmsg-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm mysql-libs-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm mysql-libs-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm mysql-server-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm mysql-server-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm mysql-test-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm mysql-test-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.aarch64.rpm ppc64le: mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9.ppc64le.rpm mecab-debuginfo-0.996-1.module+el8.0.0+3898+e09bb8de.9.ppc64le.rpm mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9.ppc64le.rpm mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.ppc64le.rpm mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.ppc64le.rpm mysql-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm mysql-common-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm mysql-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm mysql-debugsource-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm mysql-devel-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm mysql-devel-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm mysql-errmsg-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm mysql-libs-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm mysql-libs-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm mysql-server-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm mysql-server-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm mysql-test-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm mysql-test-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.ppc64le.rpm s390x: mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9.s390x.rpm mecab-debuginfo-0.996-1.module+el8.0.0+3898+e09bb8de.9.s390x.rpm mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9.s390x.rpm mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.s390x.rpm mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.s390x.rpm mysql-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm mysql-common-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm mysql-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm mysql-debugsource-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm mysql-devel-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm mysql-devel-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm mysql-errmsg-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm mysql-libs-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm mysql-libs-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm mysql-server-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm mysql-server-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm mysql-test-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm mysql-test-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.s390x.rpm x86_64: mecab-0.996-1.module+el8.0.0+3898+e09bb8de.9.x86_64.rpm mecab-debuginfo-0.996-1.module+el8.0.0+3898+e09bb8de.9.x86_64.rpm mecab-debugsource-0.996-1.module+el8.0.0+3898+e09bb8de.9.x86_64.rpm mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.x86_64.rpm mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de.x86_64.rpm mysql-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm mysql-common-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm mysql-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm mysql-debugsource-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm mysql-devel-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm mysql-devel-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm mysql-errmsg-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm mysql-libs-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm mysql-libs-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm mysql-server-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm mysql-server-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm mysql-test-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm mysql-test-debuginfo-8.0.21-1.module+el8.2.0+7855+47abd494.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2019-2911 https://access.redhat.com/security/cve/CVE-2019-2914 https://access.redhat.com/security/cve/CVE-2019-2938 https://access.redhat.com/security/cve/CVE-2019-2946 https://access.redhat.com/security/cve/CVE-2019-2957 https://access.redhat.com/security/cve/CVE-2019-2960 https://access.redhat.com/security/cve/CVE-2019-2963 https://access.redhat.com/security/cve/CVE-2019-2966 https://access.redhat.com/security/cve/CVE-2019-2967 https://access.redhat.com/security/cve/CVE-2019-2968 https://access.redhat.com/security/cve/CVE-2019-2974 https://access.redhat.com/security/cve/CVE-2019-2982 https://access.redhat.com/security/cve/CVE-2019-2991 https://access.redhat.com/security/cve/CVE-2019-2993 https://access.redhat.com/security/cve/CVE-2019-2997 https://access.redhat.com/security/cve/CVE-2019-2998 https://access.redhat.com/security/cve/CVE-2019-3004 https://access.redhat.com/security/cve/CVE-2019-3009 https://access.redhat.com/security/cve/CVE-2019-3011 https://access.redhat.com/security/cve/CVE-2019-3018 https://access.redhat.com/security/cve/CVE-2020-2570 https://access.redhat.com/security/cve/CVE-2020-2573 https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2577 https://access.redhat.com/security/cve/CVE-2020-2579 https://access.redhat.com/security/cve/CVE-2020-2580 https://access.redhat.com/security/cve/CVE-2020-2584 https://access.redhat.com/security/cve/CVE-2020-2588 https://access.redhat.com/security/cve/CVE-2020-2589 https://access.redhat.com/security/cve/CVE-2020-2627 https://access.redhat.com/security/cve/CVE-2020-2660 https://access.redhat.com/security/cve/CVE-2020-2679 https://access.redhat.com/security/cve/CVE-2020-2686 https://access.redhat.com/security/cve/CVE-2020-2694 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2759 https://access.redhat.com/security/cve/CVE-2020-2760 https://access.redhat.com/security/cve/CVE-2020-2761 https://access.redhat.com/security/cve/CVE-2020-2762 https://access.redhat.com/security/cve/CVE-2020-2763 https://access.redhat.com/security/cve/CVE-2020-2765 https://access.redhat.com/security/cve/CVE-2020-2770 https://access.redhat.com/security/cve/CVE-2020-2774 https://access.redhat.com/security/cve/CVE-2020-2779 https://access.redhat.com/security/cve/CVE-2020-2780 https://access.redhat.com/security/cve/CVE-2020-2804 https://access.redhat.com/security/cve/CVE-2020-2812 https://access.redhat.com/security/cve/CVE-2020-2814 https://access.redhat.com/security/cve/CVE-2020-2853 https://access.redhat.com/security/cve/CVE-2020-2892 https://access.redhat.com/security/cve/CVE-2020-2893 https://access.redhat.com/security/cve/CVE-2020-2895 https://access.redhat.com/security/cve/CVE-2020-2896 https://access.redhat.com/security/cve/CVE-2020-2897 https://access.redhat.com/security/cve/CVE-2020-2898 https://access.redhat.com/security/cve/CVE-2020-2901 https://access.redhat.com/security/cve/CVE-2020-2903 https://access.redhat.com/security/cve/CVE-2020-2904 https://access.redhat.com/security/cve/CVE-2020-2921 https://access.redhat.com/security/cve/CVE-2020-2922 https://access.redhat.com/security/cve/CVE-2020-2923 https://access.redhat.com/security/cve/CVE-2020-2924 https://access.redhat.com/security/cve/CVE-2020-2925 https://access.redhat.com/security/cve/CVE-2020-2926 https://access.redhat.com/security/cve/CVE-2020-2928 https://access.redhat.com/security/cve/CVE-2020-2930 https://access.redhat.com/security/cve/CVE-2020-14539 https://access.redhat.com/security/cve/CVE-2020-14540 https://access.redhat.com/security/cve/CVE-2020-14547 https://access.redhat.com/security/cve/CVE-2020-14550 https://access.redhat.com/security/cve/CVE-2020-14553 https://access.redhat.com/security/cve/CVE-2020-14559 https://access.redhat.com/security/cve/CVE-2020-14567 https://access.redhat.com/security/cve/CVE-2020-14568 https://access.redhat.com/security/cve/CVE-2020-14575 https://access.redhat.com/security/cve/CVE-2020-14576 https://access.redhat.com/security/cve/CVE-2020-14586 https://access.redhat.com/security/cve/CVE-2020-14597 https://access.redhat.com/security/cve/CVE-2020-14614 https://access.redhat.com/security/cve/CVE-2020-14619 https://access.redhat.com/security/cve/CVE-2020-14620 https://access.redhat.com/security/cve/CVE-2020-14623 https://access.redhat.com/security/cve/CVE-2020-14624 https://access.redhat.com/security/cve/CVE-2020-14631 https://access.redhat.com/security/cve/CVE-2020-14632 https://access.redhat.com/security/cve/CVE-2020-14633 https://access.redhat.com/security/cve/CVE-2020-14634 https://access.redhat.com/security/cve/CVE-2020-14641 https://access.redhat.com/security/cve/CVE-2020-14643 https://access.redhat.com/security/cve/CVE-2020-14651 https://access.redhat.com/security/cve/CVE-2020-14654 https://access.redhat.com/security/cve/CVE-2020-14656 https://access.redhat.com/security/cve/CVE-2020-14663 https://access.redhat.com/security/cve/CVE-2020-14678 https://access.redhat.com/security/cve/CVE-2020-14680 https://access.redhat.com/security/cve/CVE-2020-14697 https://access.redhat.com/security/cve/CVE-2020-14702 https://access.redhat.com/security/cve/CVE-2020-14725 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBX19oUNzjgjWX9erEAQifaw/8DTIXqUrqB9JegebbhGZrz6hOg/2qF4k6 HdSLuHG/ol9x2QeQ/4BrJj3z5v6hfWVVe0NpkSkQbev9Qboe6aKXUKO5Lt+E31eG Ig7poBL0WjvBx7HrI1IJaaP9S1jwo9xOD4Vo8Kz7nS2/3eAn4opPSng7UTkiY5QX UHm8WBRF0oQZcxKdk4Rpbg/etJ50p1wQJThpSqYyERd0Vz5IOpje/BXEsmpZaE22 PEXBuSnh7XH+MVzkJHMyBRjEMBy+Lz3LM5kkScnyT8sg3cuvL6N5GoYXI993QBNp /C4hs2YDS/MQnSGL4YEbrasToj3PjPj7lXhfuAvPZ7vtF6xo35lbt3QREe4kn1WT wfCDIKUE4bRlVU0ayooCp8qU2LYFPsOS6LNWuO6PfuhLdaOw9GqRULzR5wcSAXeQ 3wVCqRmYfXBg4kLnDBm9tnkIBKvGKeTWh1ERA8m0SQ4h44lrVrloDT8lAyl4w8HT ge9E4w8J9afOioCbd3x27vme5rfrcOaO3VYLbBQysXyED9IV9jAHd5DL4ABxMmrD 6OI376+V1RmVbmWQcT5nXf8ggFjCl+y30b4N0ttKR9jWHH76NaYCwFGd5wxhM5b8 Mc8gJdNgV8A2O5ASoGuL0tV65gMOVGk8AzraABbOwwF+tGWjGu3C3/LPh8eUA1Qy ohCJYNSMA1Q=F0vQ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Get the latest Linux and open source security news straight to your inbox.