Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 2,428 articles for you...
98

Red Hat RHSA-2001:110-05 Critical: Setserial Insecure Temp File Advisory

The initscript distributed with the setserial package (which is not installed or enabled by default) uses predictable temporary file names, and should not be used. setserial-2.17-4 and earlier versions are affected. . ` --------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Insecure setserial initscript Advisory ID: RHSA-2001:110-05 Issue date: 2001-09-12 Updated on: 2001-09-19 Product: Red Hat Linux Keywords: setserial initscript temporary file Cross references: Obsoletes: --------------------------------------------------------------------- 1. Topic: The initscript distributed with the setserial package (which is not installed or enabled by default) uses predictable temporary file names, and should not be used. setserial-2.17-4 and earlier versions are affected. If you have not recompiled your kernel, this issue does not affect you. To check if you are affected by this issue, use the following command: /bin/ls /etc/rc.d/init.d/serial If this gives the output '/etc/rc.d/init.d/serial' then the initscript has been manually installed. In this case use the following command: /sbin/modprobe -l | grep '/serial.o' If this command gives output, you are affected by this issue. 2. Relevant releases/architectures: 3. Problem description: The setserial package comes with an initscript in the documentation directory. If this initscript is manually copied into the init.d directory structure and enabled, and the kernel is recompiled to have modular serial port support, then the initscript will use a predictable temporary file name. There are a number of other bugs that also prevent the initscript from working correctly in this situation (detailed in bugzilla bug #52862). 4. Solution: Do not use the initscript supplied with setserial. To disable it, use the following command: /sbin/chkconfig serialoff Alternatively, if your system needs manual adjustment of its serial port settings and you wish to have those adjustments re-applied automatically on boot, be sure to use a kernel that has non-modular serial port support, such as those supplied by Red Hat, Inc. 5. Bug IDs fixed ( for more info): 6. RPMs required: 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 8. References: Bugzilla bug #52862, at: https://bugzilla.redhat.com/show_bug.cgi Copyright(c) 2000, 2001 Red Hat, Inc. ` . Investigating a critical flaw within the Red Hat setserial initialization script, which raises security issues due to the generation of predictable temporary files.. Red Hat Security, Insecure Script Advisory, Setserial Vulnerability. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 16, 2023 Critical Red Hat
98

RedHat OpenShift Serverless 1.30.1 RHSA-2023-5479-01 Critical HTTP Issue

Red Hat OpenShift Serverless 1.30.1 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Release of OpenShift Serverless Client kn 1.30.1 security update Advisory ID: RHSA-2023:5479-01 Product: Red Hat OpenShift Serverless Advisory URL: https://access.redhat.com/errata/RHSA-2023:5479 Issue date: 2023-10-05 CVE Names: CVE-2023-4853 ===================================================================== 1. Summary: Red Hat OpenShift Serverless 1.30.1 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Openshift Serverless 1 on RHEL 8Base - ppc64le, s390x, x86_64 3. Description: Red Hat OpenShift Serverless Client kn 1.30.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.30.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. This release includes security and bug fixes, and enhancements. Security Fix(es): * quarkus: HTTP security policy bypass (CVE-2023-4853) For further information about CVE-2023-4853, see the Red Hat Security Bulletin linked to in the References section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously releasederrata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2238034 - CVE-2023-4853 quarkus: HTTP security policy bypass 6. Package List: Openshift Serverless 1 on RHEL 8Base: Source: openshift-serverless-clients-1.9.2-3.el8.src.rpm ppc64le: openshift-serverless-clients-1.9.2-3.el8.ppc64le.rpm s390x: openshift-serverless-clients-1.9.2-3.el8.s390x.rpm x86_64: openshift-serverless-clients-1.9.2-3.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-4853 https://access.redhat.com/security/vulnerabilities/RHSB-2023-002 https://access.redhat.com/security/updates/classification#important https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJlHypFAAoJENzjgjWX9erE8dYP/0f2bxOTsczhrQ+AB4503Rl0 roHKG2ZfmKrhNfNCL1v6POQ0iXQryhxU0Uv3t3Vp25dzy5JZyiUoVwugKLkkrISs iFxReqOp336nDs9OIUSMgmMMSYRbhiteMpSR/Z0dFH/kTqsEHHa0YaneVq0x0y8w 2A4oG01A8vAX5WwJJmemIrsJn5ygRm9unKNO2SRleM5Wjbt1gV5ufpKxfY4PvaR+ Z7H7CmqC1A7hzDmZRyGBv8ScKTlBT1fJomBqhEMHSi2PrfH9D4rvGIi+CTF0r30n 3wAaH6CukubiPBms7FEQV5Bgt6XDdtUV7FWaKVLaPjPhboUXKCwGE2gwUkZXp7Wt cV+Uk5NP9/60WYf6WIcqentfy8yARX0Vackh0hIm2YgIXphZ1Oa49Y4KU2lQcijy FXa3CYspd34BNxi96B6WhjYm7LQVPl4zKpeP3PquS1HJNnyOOgH7vtARZGaxn3GK vNMcnP+rUD7sucDicy5fsRF6Fq0wIZHSr0iXSmwc+2YmzSPgRdl0nYXb+0Z0j8Wj IdoHBRifgsHcLjABfeyPqV83fEYXv+dxR5GHgmxrulbw/AdkubYE7koFcgPiFQtB INQM+pfSh8jvieS2ksLvVVTNtj23EPjhmoyCErR1DniUOMhT/8d8ZUuIeVP+p7E9 ONO2EX/B4jH2twYWiKbW =VuSI -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . OpenShift Serverless Version 1.30.1 Launches with Critical Security Fix Addressing HTTP Policy Circumvention Issues.. OpenShift Security Update, RedHat Serverless, Important Security Release. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 05, 2023 Important Red Hat
98

Red Hat Enterprise Linux 8.6 RHSA-2023-5473-01 Important: Bind DoS Risk

An update for bind is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2023:5473-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5473 Issue date: 2023-10-05 CVE Names: CVE-2023-3341 ===================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 2239621 - CVE-2023-3341 bind: stack exhaustion in control channel code may lead to DoS 6. Package List: Red Hat Enterprise Linux AppStream EUS(v.8.6): aarch64: bind-9.11.36-3.el8_6.5.aarch64.rpm bind-chroot-9.11.36-3.el8_6.5.aarch64.rpm bind-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-debugsource-9.11.36-3.el8_6.5.aarch64.rpm bind-devel-9.11.36-3.el8_6.5.aarch64.rpm bind-export-libs-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-libs-9.11.36-3.el8_6.5.aarch64.rpm bind-libs-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-libs-lite-9.11.36-3.el8_6.5.aarch64.rpm bind-libs-lite-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-lite-devel-9.11.36-3.el8_6.5.aarch64.rpm bind-pkcs11-9.11.36-3.el8_6.5.aarch64.rpm bind-pkcs11-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-pkcs11-devel-9.11.36-3.el8_6.5.aarch64.rpm bind-pkcs11-libs-9.11.36-3.el8_6.5.aarch64.rpm bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-pkcs11-utils-9.11.36-3.el8_6.5.aarch64.rpm bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-sdb-9.11.36-3.el8_6.5.aarch64.rpm bind-sdb-chroot-9.11.36-3.el8_6.5.aarch64.rpm bind-sdb-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-utils-9.11.36-3.el8_6.5.aarch64.rpm bind-utils-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm noarch: bind-license-9.11.36-3.el8_6.5.noarch.rpm python3-bind-9.11.36-3.el8_6.5.noarch.rpm ppc64le: bind-9.11.36-3.el8_6.5.ppc64le.rpm bind-chroot-9.11.36-3.el8_6.5.ppc64le.rpm bind-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-debugsource-9.11.36-3.el8_6.5.ppc64le.rpm bind-devel-9.11.36-3.el8_6.5.ppc64le.rpm bind-export-libs-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-libs-9.11.36-3.el8_6.5.ppc64le.rpm bind-libs-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-libs-lite-9.11.36-3.el8_6.5.ppc64le.rpm bind-libs-lite-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-lite-devel-9.11.36-3.el8_6.5.ppc64le.rpm bind-pkcs11-9.11.36-3.el8_6.5.ppc64le.rpm bind-pkcs11-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-pkcs11-devel-9.11.36-3.el8_6.5.ppc64le.rpm bind-pkcs11-libs-9.11.36-3.el8_6.5.ppc64le.rpm bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-pkcs11-utils-9.11.36-3.el8_6.5.ppc64le.rpm bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-sdb-9.11.36-3.el8_6.5.ppc64le.rpm bind-sdb-chroot-9.11.36-3.el8_6.5.ppc64le.rpm bind-sdb-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-utils-9.11.36-3.el8_6.5.ppc64le.rpm bind-utils-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm s390x: bind-9.11.36-3.el8_6.5.s390x.rpm bind-chroot-9.11.36-3.el8_6.5.s390x.rpm bind-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-debugsource-9.11.36-3.el8_6.5.s390x.rpm bind-devel-9.11.36-3.el8_6.5.s390x.rpm bind-export-libs-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-libs-9.11.36-3.el8_6.5.s390x.rpm bind-libs-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-libs-lite-9.11.36-3.el8_6.5.s390x.rpm bind-libs-lite-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-lite-devel-9.11.36-3.el8_6.5.s390x.rpm bind-pkcs11-9.11.36-3.el8_6.5.s390x.rpm bind-pkcs11-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-pkcs11-devel-9.11.36-3.el8_6.5.s390x.rpm bind-pkcs11-libs-9.11.36-3.el8_6.5.s390x.rpm bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-pkcs11-utils-9.11.36-3.el8_6.5.s390x.rpm bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-sdb-9.11.36-3.el8_6.5.s390x.rpm bind-sdb-chroot-9.11.36-3.el8_6.5.s390x.rpm bind-sdb-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-utils-9.11.36-3.el8_6.5.s390x.rpm bind-utils-debuginfo-9.11.36-3.el8_6.5.s390x.rpm x86_64: bind-9.11.36-3.el8_6.5.x86_64.rpm bind-chroot-9.11.36-3.el8_6.5.x86_64.rpm bind-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-debugsource-9.11.36-3.el8_6.5.i686.rpm bind-debugsource-9.11.36-3.el8_6.5.x86_64.rpm bind-devel-9.11.36-3.el8_6.5.i686.rpm bind-devel-9.11.36-3.el8_6.5.x86_64.rpm bind-export-libs-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-export-libs-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-libs-9.11.36-3.el8_6.5.i686.rpm bind-libs-9.11.36-3.el8_6.5.x86_64.rpm bind-libs-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-libs-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-libs-lite-9.11.36-3.el8_6.5.i686.rpm bind-libs-lite-9.11.36-3.el8_6.5.x86_64.rpm bind-libs-lite-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-libs-lite-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-lite-devel-9.11.36-3.el8_6.5.i686.rpm bind-lite-devel-9.11.36-3.el8_6.5.x86_64.rpm bind-pkcs11-9.11.36-3.el8_6.5.x86_64.rpm bind-pkcs11-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-pkcs11-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-pkcs11-devel-9.11.36-3.el8_6.5.i686.rpm bind-pkcs11-devel-9.11.36-3.el8_6.5.x86_64.rpm bind-pkcs11-libs-9.11.36-3.el8_6.5.i686.rpm bind-pkcs11-libs-9.11.36-3.el8_6.5.x86_64.rpm bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-pkcs11-utils-9.11.36-3.el8_6.5.x86_64.rpm bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-sdb-9.11.36-3.el8_6.5.x86_64.rpm bind-sdb-chroot-9.11.36-3.el8_6.5.x86_64.rpm bind-sdb-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-sdb-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-utils-9.11.36-3.el8_6.5.x86_64.rpm bind-utils-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-utils-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm Red Hat Enterprise Linux BaseOS EUS(v.8.6): Source: bind-9.11.36-3.el8_6.5.src.rpm aarch64: bind-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-debugsource-9.11.36-3.el8_6.5.aarch64.rpm bind-export-devel-9.11.36-3.el8_6.5.aarch64.rpm bind-export-libs-9.11.36-3.el8_6.5.aarch64.rpm bind-export-libs-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-libs-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-libs-lite-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-pkcs11-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-sdb-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm bind-utils-debuginfo-9.11.36-3.el8_6.5.aarch64.rpm ppc64le: bind-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-debugsource-9.11.36-3.el8_6.5.ppc64le.rpm bind-export-devel-9.11.36-3.el8_6.5.ppc64le.rpm bind-export-libs-9.11.36-3.el8_6.5.ppc64le.rpm bind-export-libs-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-libs-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-libs-lite-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-pkcs11-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-sdb-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm bind-utils-debuginfo-9.11.36-3.el8_6.5.ppc64le.rpm s390x: bind-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-debugsource-9.11.36-3.el8_6.5.s390x.rpm bind-export-devel-9.11.36-3.el8_6.5.s390x.rpm bind-export-libs-9.11.36-3.el8_6.5.s390x.rpm bind-export-libs-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-libs-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-libs-lite-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-pkcs11-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-sdb-debuginfo-9.11.36-3.el8_6.5.s390x.rpm bind-utils-debuginfo-9.11.36-3.el8_6.5.s390x.rpm x86_64: bind-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-debugsource-9.11.36-3.el8_6.5.i686.rpm bind-debugsource-9.11.36-3.el8_6.5.x86_64.rpm bind-export-devel-9.11.36-3.el8_6.5.i686.rpm bind-export-devel-9.11.36-3.el8_6.5.x86_64.rpm bind-export-libs-9.11.36-3.el8_6.5.i686.rpm bind-export-libs-9.11.36-3.el8_6.5.x86_64.rpm bind-export-libs-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-export-libs-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-libs-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-libs-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-libs-lite-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-libs-lite-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-pkcs11-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-pkcs11-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-sdb-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-sdb-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm bind-utils-debuginfo-9.11.36-3.el8_6.5.i686.rpm bind-utils-debuginfo-9.11.36-3.el8_6.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-3341 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJlHtXbAAoJENzjgjWX9erELDoP/Rtfd/Sddlpkxf2l4nxE+jdk aIw+Y6P0PEPagYgJAIVH5LNSFRYiDJdFUQiPJ18bdNEKVglRVyjaJVKTXgc4g6SJ uIlxarHsvJBFUA7gu7Zn+DDtO61A7adzTjwjoy3pxa0JD2kTLGhXpTCWlxXpgcRP g7nlVLCTCn17B4qxR5nDz/TZ/BNeiVV1QGlDhkiuhgJ0wU4EYH/ylsCke2UZDLfw X6kEObeeOQQDQTZB0GBv+IDInPs6Yf1V5T39Vr6uEalgkRmc8XCuPmt/Hdgwugt2 CSJ0ewBPdcMIdwC5qmn6JC4Venmpj2Yk7eskiKJZEnDef3Rj2dcIlXcD8hFZMp+6 r45mTzg5XXO4IFjB0kxACLcg98pvAvCXfuquTs0OlrelmRrcxFKCjAoDndYZk9gh m0iQhFA/1x43gDQWnhk98TfbifxOC4bbK8jdSx8d9hFr4qd8HewGuk9LN+9ErXO4 CTA130bS3wtqB6CbUZCQjVhNPnJe6brcdSRbYNA7aIgjIRaj+Tl2mJyyPWcXb0PQ E5aM1eIxhzhptoJLvWGArxuhZg+EfjR0Pmoqf63MVSscIQBg7hdg2zenrFufocxA Q6P36koYpLtc9iLR/jIosUARRCZpMKNn/y5s6OwlTwosIJwc1oyyFiL9mCJqWf3U zNlStvvlTRP8ZKK35hWb =357i -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Red Hat issues a critical advisory for a bind security patch on RHEL 8.6 to mitigate possible DoS vulnerabilities.. RedHat Security Advisory, Bind Update, DoS Risk, RHEL Update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 05, 2023 Important Red Hat
98

Red Hat: RHSA-2023-5474-01 Important: BIND Stack Exhaustion DoS

An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2023:5474-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5474 Issue date: 2023-10-05 CVE Names: CVE-2023-3341 ===================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in thisadvisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 2239621 - CVE-2023-3341 bind: stack exhaustion in control channel code may lead to DoS 6. Package List: Red Hat Enterprise Linux AppStream (v.8): aarch64: bind-9.11.36-8.el8_8.2.aarch64.rpm bind-chroot-9.11.36-8.el8_8.2.aarch64.rpm bind-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-debugsource-9.11.36-8.el8_8.2.aarch64.rpm bind-devel-9.11.36-8.el8_8.2.aarch64.rpm bind-export-libs-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-libs-9.11.36-8.el8_8.2.aarch64.rpm bind-libs-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-libs-lite-9.11.36-8.el8_8.2.aarch64.rpm bind-libs-lite-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-lite-devel-9.11.36-8.el8_8.2.aarch64.rpm bind-pkcs11-9.11.36-8.el8_8.2.aarch64.rpm bind-pkcs11-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-pkcs11-devel-9.11.36-8.el8_8.2.aarch64.rpm bind-pkcs11-libs-9.11.36-8.el8_8.2.aarch64.rpm bind-pkcs11-libs-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-pkcs11-utils-9.11.36-8.el8_8.2.aarch64.rpm bind-pkcs11-utils-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-sdb-9.11.36-8.el8_8.2.aarch64.rpm bind-sdb-chroot-9.11.36-8.el8_8.2.aarch64.rpm bind-sdb-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-utils-9.11.36-8.el8_8.2.aarch64.rpm bind-utils-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm noarch: bind-license-9.11.36-8.el8_8.2.noarch.rpm python3-bind-9.11.36-8.el8_8.2.noarch.rpm ppc64le: bind-9.11.36-8.el8_8.2.ppc64le.rpm bind-chroot-9.11.36-8.el8_8.2.ppc64le.rpm bind-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-debugsource-9.11.36-8.el8_8.2.ppc64le.rpm bind-devel-9.11.36-8.el8_8.2.ppc64le.rpm bind-export-libs-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-libs-9.11.36-8.el8_8.2.ppc64le.rpm bind-libs-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-libs-lite-9.11.36-8.el8_8.2.ppc64le.rpm bind-libs-lite-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-lite-devel-9.11.36-8.el8_8.2.ppc64le.rpm bind-pkcs11-9.11.36-8.el8_8.2.ppc64le.rpm bind-pkcs11-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-pkcs11-devel-9.11.36-8.el8_8.2.ppc64le.rpm bind-pkcs11-libs-9.11.36-8.el8_8.2.ppc64le.rpm bind-pkcs11-libs-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-pkcs11-utils-9.11.36-8.el8_8.2.ppc64le.rpm bind-pkcs11-utils-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-sdb-9.11.36-8.el8_8.2.ppc64le.rpm bind-sdb-chroot-9.11.36-8.el8_8.2.ppc64le.rpm bind-sdb-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-utils-9.11.36-8.el8_8.2.ppc64le.rpm bind-utils-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm s390x: bind-9.11.36-8.el8_8.2.s390x.rpm bind-chroot-9.11.36-8.el8_8.2.s390x.rpm bind-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-debugsource-9.11.36-8.el8_8.2.s390x.rpm bind-devel-9.11.36-8.el8_8.2.s390x.rpm bind-export-libs-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-libs-9.11.36-8.el8_8.2.s390x.rpm bind-libs-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-libs-lite-9.11.36-8.el8_8.2.s390x.rpm bind-libs-lite-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-lite-devel-9.11.36-8.el8_8.2.s390x.rpm bind-pkcs11-9.11.36-8.el8_8.2.s390x.rpm bind-pkcs11-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-pkcs11-devel-9.11.36-8.el8_8.2.s390x.rpm bind-pkcs11-libs-9.11.36-8.el8_8.2.s390x.rpm bind-pkcs11-libs-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-pkcs11-utils-9.11.36-8.el8_8.2.s390x.rpm bind-pkcs11-utils-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-sdb-9.11.36-8.el8_8.2.s390x.rpm bind-sdb-chroot-9.11.36-8.el8_8.2.s390x.rpm bind-sdb-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-utils-9.11.36-8.el8_8.2.s390x.rpm bind-utils-debuginfo-9.11.36-8.el8_8.2.s390x.rpm x86_64: bind-9.11.36-8.el8_8.2.x86_64.rpm bind-chroot-9.11.36-8.el8_8.2.x86_64.rpm bind-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-debugsource-9.11.36-8.el8_8.2.i686.rpm bind-debugsource-9.11.36-8.el8_8.2.x86_64.rpm bind-devel-9.11.36-8.el8_8.2.i686.rpm bind-devel-9.11.36-8.el8_8.2.x86_64.rpm bind-export-libs-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-export-libs-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-libs-9.11.36-8.el8_8.2.i686.rpm bind-libs-9.11.36-8.el8_8.2.x86_64.rpm bind-libs-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-libs-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-libs-lite-9.11.36-8.el8_8.2.i686.rpm bind-libs-lite-9.11.36-8.el8_8.2.x86_64.rpm bind-libs-lite-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-libs-lite-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-lite-devel-9.11.36-8.el8_8.2.i686.rpm bind-lite-devel-9.11.36-8.el8_8.2.x86_64.rpm bind-pkcs11-9.11.36-8.el8_8.2.x86_64.rpm bind-pkcs11-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-pkcs11-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-pkcs11-devel-9.11.36-8.el8_8.2.i686.rpm bind-pkcs11-devel-9.11.36-8.el8_8.2.x86_64.rpm bind-pkcs11-libs-9.11.36-8.el8_8.2.i686.rpm bind-pkcs11-libs-9.11.36-8.el8_8.2.x86_64.rpm bind-pkcs11-libs-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-pkcs11-libs-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-pkcs11-utils-9.11.36-8.el8_8.2.x86_64.rpm bind-pkcs11-utils-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-pkcs11-utils-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-sdb-9.11.36-8.el8_8.2.x86_64.rpm bind-sdb-chroot-9.11.36-8.el8_8.2.x86_64.rpm bind-sdb-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-sdb-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-utils-9.11.36-8.el8_8.2.x86_64.rpm bind-utils-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-utils-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm Red Hat Enterprise Linux BaseOS (v.8): Source: bind-9.11.36-8.el8_8.2.src.rpm aarch64: bind-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-debugsource-9.11.36-8.el8_8.2.aarch64.rpm bind-export-devel-9.11.36-8.el8_8.2.aarch64.rpm bind-export-libs-9.11.36-8.el8_8.2.aarch64.rpm bind-export-libs-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-libs-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-libs-lite-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-pkcs11-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-pkcs11-libs-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-pkcs11-utils-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-sdb-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm bind-utils-debuginfo-9.11.36-8.el8_8.2.aarch64.rpm ppc64le: bind-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-debugsource-9.11.36-8.el8_8.2.ppc64le.rpm bind-export-devel-9.11.36-8.el8_8.2.ppc64le.rpm bind-export-libs-9.11.36-8.el8_8.2.ppc64le.rpm bind-export-libs-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-libs-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-libs-lite-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-pkcs11-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-pkcs11-libs-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-pkcs11-utils-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-sdb-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm bind-utils-debuginfo-9.11.36-8.el8_8.2.ppc64le.rpm s390x: bind-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-debugsource-9.11.36-8.el8_8.2.s390x.rpm bind-export-devel-9.11.36-8.el8_8.2.s390x.rpm bind-export-libs-9.11.36-8.el8_8.2.s390x.rpm bind-export-libs-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-libs-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-libs-lite-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-pkcs11-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-pkcs11-libs-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-pkcs11-utils-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-sdb-debuginfo-9.11.36-8.el8_8.2.s390x.rpm bind-utils-debuginfo-9.11.36-8.el8_8.2.s390x.rpm x86_64: bind-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-debugsource-9.11.36-8.el8_8.2.i686.rpm bind-debugsource-9.11.36-8.el8_8.2.x86_64.rpm bind-export-devel-9.11.36-8.el8_8.2.i686.rpm bind-export-devel-9.11.36-8.el8_8.2.x86_64.rpm bind-export-libs-9.11.36-8.el8_8.2.i686.rpm bind-export-libs-9.11.36-8.el8_8.2.x86_64.rpm bind-export-libs-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-export-libs-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-libs-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-libs-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-libs-lite-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-libs-lite-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-pkcs11-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-pkcs11-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-pkcs11-libs-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-pkcs11-libs-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-pkcs11-utils-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-pkcs11-utils-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-sdb-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-sdb-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm bind-utils-debuginfo-9.11.36-8.el8_8.2.i686.rpm bind-utils-debuginfo-9.11.36-8.el8_8.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-3341 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJlHtXVAAoJENzjgjWX9erEDgsP/ibYQYE6OLcjkbkNUcnQCWo8 Zs4ZPTsJDH5YLtXGmiy8Bi7zOuQO1GYyj17dYbNtBJ+97xcbPgSBkvkMvVQ26y+I p1zn+jsiaos7sjhzRfH5LWcwjL+K1f3kJ6CW994jwkObu3UA+KDJOrgSorlbkul/ tV+t+6Flv6pOKMEFhQ6A+2Y1/0AJd2YUPWeK5Kk60sSZYEfHhQz0P7+YXLrMZmKl t5w3zFH1aOMV2NQfqorRPtJiVqFpvGwy6vL6sF9BhRikmpgrBmTlQlMTb7c0P0dn gTR9jFi4Q9z3wskZYP4fxTp3TKoacD5vDBK/L4Crer5S4IbTBjKJV3zD/pEAz40O pBz+wg52wFmy4eUCuvUXublETJHmssjNzgzBi1RVZMuc8DSFvkdUZKWesXY/4Fd9 MSMLYso2T0XELPqPct6JoTedD9O6WpdWG62w+kQ5UmN+dk0W1crklK8HChB7eHhS 5QPuJ7WZTACM+HT7pfmLT14+RBsauOwW+V57M8jDBi2cJnvd4KxpiMoLz8PkInt7 16cz3knBcVcI7onS11Z+3qtQirbm5M9McGzy0bZaCuTnAFjcdCx4Bwd+oHeXaUyN ISkqUsHpkuPNRGA6pKNYx/p9wRaIXO8KLbXt4IQQJgV0+yijXnttw/5zQpN31skQ wrWHr/pI5xuw0XKNIq7/ =aVDb -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical security patch for BIND on Red Hat Enterprise Linux addresses stack overflow issues and denial-of-service threats.. Red Hat, BIND, Security Update, Enterprise Linux, DoS Threat. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 05, 2023 Important Red Hat
98

RHEL 9: RHSA-2023:5459-01 Important: Ghostscript OS Command Injection

An update for ghostscript is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: ghostscript security update Advisory ID: RHSA-2023:5459-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5459 Issue date: 2023-10-05 CVE Names: CVE-2023-36664 ===================================================================== 1. Summary: An update for ghostscript is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * ghostscript: vulnerable to OS command injection due to mishandles permission validation for pipe devices (CVE-2023-36664) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2217798 - CVE-2023-36664 ghostscript: vulnerable to OS command injection due to mishandles permission validation for pipe devices 6. Package List: Red Hat Enterprise Linux AppStream (v.9): Source: ghostscript-9.54.0-10.el9_2.src.rpm aarch64: ghostscript-9.54.0-10.el9_2.aarch64.rpm ghostscript-debuginfo-9.54.0-10.el9_2.aarch64.rpm ghostscript-debugsource-9.54.0-10.el9_2.aarch64.rpm ghostscript-gtk-debuginfo-9.54.0-10.el9_2.aarch64.rpm ghostscript-tools-dvipdf-9.54.0-10.el9_2.aarch64.rpm ghostscript-tools-fonts-9.54.0-10.el9_2.aarch64.rpm ghostscript-tools-printing-9.54.0-10.el9_2.aarch64.rpm ghostscript-x11-9.54.0-10.el9_2.aarch64.rpm ghostscript-x11-debuginfo-9.54.0-10.el9_2.aarch64.rpm libgs-9.54.0-10.el9_2.aarch64.rpm libgs-debuginfo-9.54.0-10.el9_2.aarch64.rpm noarch: ghostscript-doc-9.54.0-10.el9_2.noarch.rpm ppc64le: ghostscript-9.54.0-10.el9_2.ppc64le.rpm ghostscript-debuginfo-9.54.0-10.el9_2.ppc64le.rpm ghostscript-debugsource-9.54.0-10.el9_2.ppc64le.rpm ghostscript-gtk-debuginfo-9.54.0-10.el9_2.ppc64le.rpm ghostscript-tools-dvipdf-9.54.0-10.el9_2.ppc64le.rpm ghostscript-tools-fonts-9.54.0-10.el9_2.ppc64le.rpm ghostscript-tools-printing-9.54.0-10.el9_2.ppc64le.rpm ghostscript-x11-9.54.0-10.el9_2.ppc64le.rpm ghostscript-x11-debuginfo-9.54.0-10.el9_2.ppc64le.rpm libgs-9.54.0-10.el9_2.ppc64le.rpm libgs-debuginfo-9.54.0-10.el9_2.ppc64le.rpm s390x: ghostscript-9.54.0-10.el9_2.s390x.rpm ghostscript-debuginfo-9.54.0-10.el9_2.s390x.rpm ghostscript-debugsource-9.54.0-10.el9_2.s390x.rpm ghostscript-gtk-debuginfo-9.54.0-10.el9_2.s390x.rpm ghostscript-tools-dvipdf-9.54.0-10.el9_2.s390x.rpm ghostscript-tools-fonts-9.54.0-10.el9_2.s390x.rpm ghostscript-tools-printing-9.54.0-10.el9_2.s390x.rpm ghostscript-x11-9.54.0-10.el9_2.s390x.rpm ghostscript-x11-debuginfo-9.54.0-10.el9_2.s390x.rpm libgs-9.54.0-10.el9_2.s390x.rpm libgs-debuginfo-9.54.0-10.el9_2.s390x.rpm x86_64: ghostscript-9.54.0-10.el9_2.x86_64.rpm ghostscript-debuginfo-9.54.0-10.el9_2.i686.rpm ghostscript-debuginfo-9.54.0-10.el9_2.x86_64.rpm ghostscript-debugsource-9.54.0-10.el9_2.i686.rpm ghostscript-debugsource-9.54.0-10.el9_2.x86_64.rpm ghostscript-gtk-debuginfo-9.54.0-10.el9_2.i686.rpm ghostscript-gtk-debuginfo-9.54.0-10.el9_2.x86_64.rpm ghostscript-tools-dvipdf-9.54.0-10.el9_2.x86_64.rpm ghostscript-tools-fonts-9.54.0-10.el9_2.x86_64.rpm ghostscript-tools-printing-9.54.0-10.el9_2.x86_64.rpm ghostscript-x11-9.54.0-10.el9_2.x86_64.rpm ghostscript-x11-debuginfo-9.54.0-10.el9_2.i686.rpm ghostscript-x11-debuginfo-9.54.0-10.el9_2.x86_64.rpm libgs-9.54.0-10.el9_2.i686.rpm libgs-9.54.0-10.el9_2.x86_64.rpm libgs-debuginfo-9.54.0-10.el9_2.i686.rpm libgs-debuginfo-9.54.0-10.el9_2.x86_64.rpm Red Hat Enterprise Linux CRB (v.9): aarch64: ghostscript-debuginfo-9.54.0-10.el9_2.aarch64.rpm ghostscript-debugsource-9.54.0-10.el9_2.aarch64.rpm ghostscript-gtk-debuginfo-9.54.0-10.el9_2.aarch64.rpm ghostscript-x11-debuginfo-9.54.0-10.el9_2.aarch64.rpm libgs-debuginfo-9.54.0-10.el9_2.aarch64.rpm libgs-devel-9.54.0-10.el9_2.aarch64.rpm ppc64le: ghostscript-debuginfo-9.54.0-10.el9_2.ppc64le.rpm ghostscript-debugsource-9.54.0-10.el9_2.ppc64le.rpm ghostscript-gtk-debuginfo-9.54.0-10.el9_2.ppc64le.rpm ghostscript-x11-debuginfo-9.54.0-10.el9_2.ppc64le.rpm libgs-debuginfo-9.54.0-10.el9_2.ppc64le.rpm libgs-devel-9.54.0-10.el9_2.ppc64le.rpm s390x: ghostscript-debuginfo-9.54.0-10.el9_2.s390x.rpm ghostscript-debugsource-9.54.0-10.el9_2.s390x.rpm ghostscript-gtk-debuginfo-9.54.0-10.el9_2.s390x.rpm ghostscript-x11-debuginfo-9.54.0-10.el9_2.s390x.rpm libgs-debuginfo-9.54.0-10.el9_2.s390x.rpm libgs-devel-9.54.0-10.el9_2.s390x.rpm x86_64: ghostscript-9.54.0-10.el9_2.i686.rpm ghostscript-debuginfo-9.54.0-10.el9_2.i686.rpm ghostscript-debuginfo-9.54.0-10.el9_2.x86_64.rpm ghostscript-debugsource-9.54.0-10.el9_2.i686.rpm ghostscript-debugsource-9.54.0-10.el9_2.x86_64.rpm ghostscript-gtk-debuginfo-9.54.0-10.el9_2.i686.rpm ghostscript-gtk-debuginfo-9.54.0-10.el9_2.x86_64.rpm ghostscript-tools-fonts-9.54.0-10.el9_2.i686.rpm ghostscript-tools-printing-9.54.0-10.el9_2.i686.rpm ghostscript-x11-debuginfo-9.54.0-10.el9_2.i686.rpm ghostscript-x11-debuginfo-9.54.0-10.el9_2.x86_64.rpm libgs-debuginfo-9.54.0-10.el9_2.i686.rpm libgs-debuginfo-9.54.0-10.el9_2.x86_64.rpm libgs-devel-9.54.0-10.el9_2.i686.rpm libgs-devel-9.54.0-10.el9_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-36664 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJlHtW/AAoJENzjgjWX9erEzTYP/Rxu6j7kaq1Es1kR2Uljdb0t kB4cZPAe4Xh6xb7LG+j4gGUC4dtW+7dcRkdUtT8TFJDN2zukebDye6c8/3gzxCnB CViSHv/wLdQBfo4uhhxoElKWTKOBzcqrEFcdr70zvNNQRVr7HzAStbqpoCm/SajM Zena9VKJAgtZ+LxUq+2sBmVQ4NQgFevBaB1um5Qy53xDnV6YOGY1yW/8Wtxaf9ed VurIMNi3r0I77U8uGUVgd/HN3iE2jddqSWOxT6U9h8MG5TCP/gIQ0SAdlg2W4EQQ 5y1gMXLOWax2ySPb4Wehl9fdN90dz4cAam1YNaSiMQRfVKDVkrny9QNq8rUWsvPh yXNwoNR9S8TdDQsPswjJFetE8G1ijiRHj3oYf2os6jQ1iaAFiHp9GPVFyEeENRcf ivhLdiJuyVAyjzd1SYLZpKz8EfSYp7D+s53tqJvr3cHL2tfa0oYsVDg22JmT10wJ zCn0BIU/SfZn5TYp6QTZxuSLoCyX5hYKnjqxiwBgFNMNu5qGpPT3Z0aZ0BuRGS41 Zj18w5VeGZwnQx1rH9tO4UYIAFvAS9oJB1iYEkA1Tjuj15NDG/QyxbvNngbvD90m geL3R1gq+XwN/a9LJLCOEXzpa3i8BgF/gVbGl/n783581ZB96Cnl2GHZ+aLt1Hi4 BLiftePwnI7gxJcGVcIR =3HAx -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical vulnerability fix released for Ghostscript in Red Hat Enterprise Linux 9 addressing command execution flaw.. Ghostscript Update, Red Hat Enterprise, OS Command Injection, Important Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 05, 2023 Important Red Hat
98

Red Hat: RHSA-2023:5446-01 Important: OptaPlanner HTTP Policy Bypass

Red Hat build of OptaPlanner 8.38.0 for Quarkus 2.13.8 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Build of OptaPlanner 8.38.0 SP1 Advisory ID: RHSA-2023:5446-01 Product: Red Hat build of OptaPlanner Advisory URL: https://access.redhat.com/errata/RHSA-2023:5446 Issue date: 2023-10-04 CVE Names: CVE-2023-4853 ===================================================================== 1. Summary: Red Hat build of OptaPlanner 8.38.0 for Quarkus 2.13.8 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Release of Red Hat build of OptaPlanner 8.38.0 SP1 This release includes security fixes. Security Fix(es): * org.kie.kogito-kogito-apps: quarkus: HTTP security policy bypass (CVE-2023-4853) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2238034 - CVE-2023-4853 quarkus: HTTP security policy bypass 5. References: https://access.redhat.com/security/cve/CVE-2023-4853 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJlHdiIAAoJENzjgjWX9erEHWMP+wZBfZ+ZvAFMsjKwVgya6Q81 Z2QgItsc42kY/BSA0bEN8ntMs970onO2A8kI1OSi03ABugtyWT3k0V55UmpxuJZd SDpsdfgYxMCFRljUYzT0Z5u3iMTlN0eS/PKG/3X6L3M7DTfHHvbmNWutGAFM8S1y lJf8lyFHPzP6lGSVzralmppFhiZddsniEZbrGudV9so/splybAutRLMIZRyE744l dvDrEDyIFr+uG6UC+T+Fi1czj7BCNGJVOmEH3oTDAXnEUJCs+GFRwAcRzbaPpOnL FdvgS1t60FLiNjfwa3RfWXB21mw5jvIktqWuvUakuAiQD8ERULOOot9cqNLv6J9F DjKYKZY1WeR0GcqtmR/YWRVSqCpFMFril999FwHSAaSHzxLUv2dM7+UdIf/sLXoa RJFxhMv2NuC58pTWKgpXMbRT1Ik6PJawcwGz6eBi1XY3iFNGxWdnO/+76Gc+F34q R5bpyGS736V3yujHkZ9ucIAyWz0oEmGiZ3MomLqdAwL+cok4R247d/5/I5fmPYyk 1W+GORmOpr8iHFRythNpGXxkToUx9OyO5xd/6VSpsraRt8KWsNwS8Jht3o8DtC+c Ub71d64JqyKYNvWInJmhbfNeXBXPbbelikNWm0yWwe8h6u9e+I06pZJTnzSXT3SR bU+anCGr0RTy7THHUnjt =W+I2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Red Hat OptaPlanner 8.38.0 SP1 resolves significant security vulnerabilities, including HTTP policy circumvention. Discover further details about this release.. OptaPlanner Update, Red Hat Security, Quarkus Release, HTTP Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 04, 2023 Important Red Hat
98

Red Hat: RHSA-2023:5432-01 Important: Thunderbird Critical Security Issues

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2023:5432-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5432 Issue date: 2023-10-04 CVE Names: CVE-2023-3600 CVE-2023-5169 CVE-2023-5171 CVE-2023-5176 CVE-2023-5217 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream AUS (v. 8.2) - x86_64 Red Hat Enterprise Linux AppStream E4S (v. 8.2) - ppc64le, x86_64 Red Hat Enterprise Linux AppStream TUS (v. 8.2) - x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Security Fix(es): * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx(CVE-2023-5217) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2222652 - CVE-2023-3600 firefox: use-after-free in workers 2240893 - CVE-2023-5169 Mozilla: Out-of-bounds write in PathOps 2240894 - CVE-2023-5171 Mozilla: Use-after-free in Ion Compiler 2240896 - CVE-2023-5176 Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx 6. Package List: Red Hat Enterprise Linux AppStream AUS (v. 8.2): Source: thunderbird-115.3.1-1.el8_2.src.rpm x86_64: thunderbird-115.3.1-1.el8_2.x86_64.rpm thunderbird-debuginfo-115.3.1-1.el8_2.x86_64.rpm thunderbird-debugsource-115.3.1-1.el8_2.x86_64.rpm Red Hat Enterprise Linux AppStream E4S (v. 8.2): Source: thunderbird-115.3.1-1.el8_2.src.rpm ppc64le: thunderbird-115.3.1-1.el8_2.ppc64le.rpm thunderbird-debuginfo-115.3.1-1.el8_2.ppc64le.rpm thunderbird-debugsource-115.3.1-1.el8_2.ppc64le.rpm x86_64: thunderbird-115.3.1-1.el8_2.x86_64.rpm thunderbird-debuginfo-115.3.1-1.el8_2.x86_64.rpm thunderbird-debugsource-115.3.1-1.el8_2.x86_64.rpm Red Hat Enterprise Linux AppStream TUS (v. 8.2): Source: thunderbird-115.3.1-1.el8_2.src.rpm x86_64: thunderbird-115.3.1-1.el8_2.x86_64.rpm thunderbird-debuginfo-115.3.1-1.el8_2.x86_64.rpm thunderbird-debugsource-115.3.1-1.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2023-3600 https://access.redhat.com/security/cve/CVE-2023-5169 https://access.redhat.com/security/cve/CVE-2023-5171 https://access.redhat.com/security/cve/CVE-2023-5176 https://access.redhat.com/security/cve/CVE-2023-5217 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIbBAEBCAAGBQJlHYSdAAoJENzjgjWX9erERhUP+IU6HswNoVLOADY+RQmrYZWz OAESZ7lXdPncYiEc/9sHO95aMA+zrEknjv8kFZOuUnNOlYUTHXFQU2eOqJB0t8xL vuzAMP+oJZUhUBYxZR4xdL9+JmpnFfhUkK+wvAI7D6coAbv30gLMUhgFDSQYTxF+ YB4OWSj6fcLyVZLuXXlz4T+2mJD9luCWGhx4TjhsLJJ8l7sIvKJMhVfGg46e51Cw gXtArCJN+G98abQNqQmWC82QR+CS9v38JyD+drngXx/MrT0zYjvnGH81+gS+D2MY mvjRfuNCgr7jtfe3K5uGs68y/4cylsAx94BrTkbuNOrySiI6bYoHHIrGymamhRoE /xgJ1FVk6+YA2ARBWK8x0mtYHC+tz84UuTl5G+vPPsi8XkcmZdIykdrd22LfgtW5 BgtUgRLOSWrvzsfgMzRCLUIh0tNmi+IZkTvkxQj03k4pg3GTocpJbEE9RAM4cklS DcPMfM+z/BhjA9ZjCEjsASFtSS04mF0WVdwOUPOHXPiYU3w3atijF7NboigVtLJT OMQo7gxoyqXGQt0muzRy8zQlFI9+TcsAQVia+IiwNcrTDDTghwQudCjAUPPhkEaz ktAUUJgcJGw8VLgyaAlwgR4nWhFrnKo2Uss28/qJvjMYZSEnPlPi/o9xNLpU1bBb qC7Yn4EhoLM/gkiwi/g= =m233 -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Significant announcement regarding Thunderbird for Red Hat, targeting numerous severe vulnerabilities and memory stability problems.. Thunderbird Update, Red Hat Security, Memory Safety, Enterprise Linux. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 04, 2023 Important Red Hat
98

RedHat 8.6 RHSA-2023-5430-01 Important: Thunderbird Security Update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2023:5430-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5430 Issue date: 2023-10-04 CVE Names: CVE-2023-3600 CVE-2023-5169 CVE-2023-5171 CVE-2023-5176 CVE-2023-5217 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Security Fix(es): * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4.Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2222652 - CVE-2023-3600 firefox: use-after-free in workers 2240893 - CVE-2023-5169 Mozilla: Out-of-bounds write in PathOps 2240894 - CVE-2023-5171 Mozilla: Use-after-free in Ion Compiler 2240896 - CVE-2023-5176 Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx 6. Package List: Red Hat Enterprise Linux AppStream EUS (v.8.6): Source: thunderbird-115.3.1-1.el8_6.src.rpm aarch64: thunderbird-115.3.1-1.el8_6.aarch64.rpm thunderbird-debuginfo-115.3.1-1.el8_6.aarch64.rpm thunderbird-debugsource-115.3.1-1.el8_6.aarch64.rpm ppc64le: thunderbird-115.3.1-1.el8_6.ppc64le.rpm thunderbird-debuginfo-115.3.1-1.el8_6.ppc64le.rpm thunderbird-debugsource-115.3.1-1.el8_6.ppc64le.rpm s390x: thunderbird-115.3.1-1.el8_6.s390x.rpm thunderbird-debuginfo-115.3.1-1.el8_6.s390x.rpm thunderbird-debugsource-115.3.1-1.el8_6.s390x.rpm x86_64: thunderbird-115.3.1-1.el8_6.x86_64.rpm thunderbird-debuginfo-115.3.1-1.el8_6.x86_64.rpm thunderbird-debugsource-115.3.1-1.el8_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-3600 https://access.redhat.com/security/cve/CVE-2023-5169 https://access.redhat.com/security/cve/CVE-2023-5171 https://access.redhat.com/security/cve/CVE-2023-5176 https://access.redhat.com/security/cve/CVE-2023-5217 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 RedHat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJlHYRfAAoJENzjgjWX9erEj4MQAIiEIpur9+uZXMGGInH5Ae1t r9WNGBD6Q7O29MIkoulRUvEST219M0tE1p5/nPd+qhbzhLkxS5PUOSc5oNADYau4 XhjMlu+6+IZ3m6/UmfOCsmHP2lJtrKJDKV2+3Z5s2AUUjSp912j0Pu4VB/PRSbVC 5yNi4+Rsy3Z8SbeCZ6rQRtVGcDq/U3ly6tJuyZ0n13lyBjkqpF1nqHEes88kRfLe hXTnHKPmR8kVzV59TzHyQY6k9fAWuW9ITF+qN00lxlX7bpzjngITGe6Ok8aEWp9g hw2gLb+yjB0oHWce+HmwNR+z45mPBLPGNhwCsE/WfjwTbqjgbJAtEid3UJkw5xZR jR4udQktOJzO30dfAi0fdIHkkVrI7A/GYtXr6DiYe3di5tlfAAe+OQnkZjbZejlz xvf8zUdJBbkRWU23a7Dyp0sPkpy8W0MyfB9RMl0mslePIEHBwIJDtsfvw2qyQzbY /8yCXI2LH8RQnwBYeOZq5ec+qy3WSSxyn2HLHgnaNxO/rqkvXlmhSeVD+4yCjGsE srTy/w5nocMMpWcBnHo2QaJ2KC2b1f+2u216jkXG2dv1yNzsBLLfdT+iDlTZCbwn h/DCYTN5yHcoel7tNM6AIKpW4SAlbPtGMv0TpqMU8kOIGPZoERtTX9aeEsjmxyi1 9aJfdnUbMbGEwNcXRwRI =5rcB -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . A significant security patch has been issued by Red Hat for Thunderbird in RHEL 8.6, rectifying various high-risk vulnerabilities.. Thunderbird Security Update, Important Advisory, Red Hat EUS, Security Impact, Mail Client Patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 04, 2023 Important Red Hat
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200