Explore top 10 tips to secure your open-source projects now. Read More
×
An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: nodejs security and bug fix update Advisory ID: RHSA-2023:5532-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5532 Issue date: 2023-10-09 CVE Names: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 ===================================================================== 1. Summary: An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: Permissions policies can be bypassed via Module._load (CVE-2023-32002) * nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() (CVE-2023-32006) * nodejs: Permissions policies can be bypassed via process.binding (CVE-2023-32559) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * nodejs: Rebase to the latest Nodejs 16 release [rhel-9](BZ#2236434) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2230948 - CVE-2023-32002 nodejs: Permissions policies can be bypassed via Module._load 2230955 - CVE-2023-32006 nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() 2230956 - CVE-2023-32559 nodejs: Permissions policies can be bypassed via process.binding 2236434 - nodejs: Rebase to the latest Nodejs 16 release [rhel-9] [rhel-9.2.0.z] 6. Package List: Red Hat Enterprise Linux AppStream (v.9): Source: nodejs-16.20.2-1.el9_2.src.rpm aarch64: nodejs-16.20.2-1.el9_2.aarch64.rpm nodejs-debuginfo-16.20.2-1.el9_2.aarch64.rpm nodejs-debugsource-16.20.2-1.el9_2.aarch64.rpm nodejs-full-i18n-16.20.2-1.el9_2.aarch64.rpm nodejs-libs-16.20.2-1.el9_2.aarch64.rpm nodejs-libs-debuginfo-16.20.2-1.el9_2.aarch64.rpm npm-8.19.4-1.16.20.2.1.el9_2.aarch64.rpm noarch: nodejs-docs-16.20.2-1.el9_2.noarch.rpm ppc64le: nodejs-16.20.2-1.el9_2.ppc64le.rpm nodejs-debuginfo-16.20.2-1.el9_2.ppc64le.rpm nodejs-debugsource-16.20.2-1.el9_2.ppc64le.rpm nodejs-full-i18n-16.20.2-1.el9_2.ppc64le.rpm nodejs-libs-16.20.2-1.el9_2.ppc64le.rpm nodejs-libs-debuginfo-16.20.2-1.el9_2.ppc64le.rpm npm-8.19.4-1.16.20.2.1.el9_2.ppc64le.rpm s390x: nodejs-16.20.2-1.el9_2.s390x.rpm nodejs-debuginfo-16.20.2-1.el9_2.s390x.rpm nodejs-debugsource-16.20.2-1.el9_2.s390x.rpm nodejs-full-i18n-16.20.2-1.el9_2.s390x.rpm nodejs-libs-16.20.2-1.el9_2.s390x.rpm nodejs-libs-debuginfo-16.20.2-1.el9_2.s390x.rpm npm-8.19.4-1.16.20.2.1.el9_2.s390x.rpm x86_64: nodejs-16.20.2-1.el9_2.x86_64.rpm nodejs-debuginfo-16.20.2-1.el9_2.i686.rpm nodejs-debuginfo-16.20.2-1.el9_2.x86_64.rpm nodejs-debugsource-16.20.2-1.el9_2.i686.rpm nodejs-debugsource-16.20.2-1.el9_2.x86_64.rpm nodejs-full-i18n-16.20.2-1.el9_2.x86_64.rpm nodejs-libs-16.20.2-1.el9_2.i686.rpm nodejs-libs-16.20.2-1.el9_2.x86_64.rpm nodejs-libs-debuginfo-16.20.2-1.el9_2.i686.rpm nodejs-libs-debuginfo-16.20.2-1.el9_2.x86_64.rpm npm-8.19.4-1.16.20.2.1.el9_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2023-32002 https://access.redhat.com/security/cve/CVE-2023-32006 https://access.redhat.com/security/cve/CVE-2023-32559 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJlJBu/AAoJENzjgjWX9erEpbUP/0tmZb36A6M7ItCxnT56D7iN EKC0UURynvvvU2Qh/ZgSTnkkj1KfAUIc83QxKRyacPqeYlVx39iE82+IkrF8KMcq +6DDvb+fBgyelsOHiIx/s8J0OQvOjNK/tdqIP9i0SjrFDd6qlYijzA+FewQMKaSb XuYanaazxMsmGYmUNcyvlE4jP68fzqskHb9l2tC/CyPoEjH19co91lHH68aEgPRK j3cpTxme7dRFWsaPh77b99fXUSywfcNvFvhGiG3IhFlGf2eA/czkqYU4BnzaFhKK U7jJWHflgZnUAP4sQfQAoBYXrUa09hCGOTRxVTMxJ0ov3K6OSywnin2drWcQyIIt SNaDTWoQ1zkEJB6qwIi6C0eCXfUzrXv026oWCMc8epP0gSqQUYesq5f+dc2vlrfl 0gtNeuKqCEFB0MKUuD3dr9Jp1NJt/Wtd1CxIVLR109MuP10VJCD9nEkhzVbcHNp9 bJJ/qLKEioanHCekW70wdyTm7VcGvHDPlutJ+ZOUhUTV3HCzUUbw5u0IRtWa5XMf u4SZXDT6JUOlC5AcxLV7G8k021AWfp6WYorleZKaj7AC8QJfDcqiAxW1fxOEVDDt hxoC0EGJXRKGmXhNBq2XA3IUuMeEt51MHkjz9LDrITuuYBZ3+LQ/WwkwzbzWVIqs qiL8X92PSol0O/Aa3D/c =njn7 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for python3.11 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: python3.11 security update Advisory ID: RHSA-2023:5463-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5463 Issue date: 2023-10-05 CVE Names: CVE-2023-40217 ===================================================================== 1. Summary: An update for python3.11 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix(es): * python: TLS handshake bypass (CVE-2023-40217) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed(https://bugzilla.redhat.com/): 2235789 - CVE-2023-40217 python: TLS handshake bypass 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: python3.11-3.11.2-2.el8_8.2.src.rpm aarch64: python3.11-3.11.2-2.el8_8.2.aarch64.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.aarch64.rpm python3.11-debugsource-3.11.2-2.el8_8.2.aarch64.rpm python3.11-devel-3.11.2-2.el8_8.2.aarch64.rpm python3.11-libs-3.11.2-2.el8_8.2.aarch64.rpm python3.11-tkinter-3.11.2-2.el8_8.2.aarch64.rpm noarch: python3.11-rpm-macros-3.11.2-2.el8_8.2.noarch.rpm ppc64le: python3.11-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-debugsource-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-devel-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-libs-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-tkinter-3.11.2-2.el8_8.2.ppc64le.rpm s390x: python3.11-3.11.2-2.el8_8.2.s390x.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.s390x.rpm python3.11-debugsource-3.11.2-2.el8_8.2.s390x.rpm python3.11-devel-3.11.2-2.el8_8.2.s390x.rpm python3.11-libs-3.11.2-2.el8_8.2.s390x.rpm python3.11-tkinter-3.11.2-2.el8_8.2.s390x.rpm x86_64: python3.11-3.11.2-2.el8_8.2.x86_64.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.i686.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.x86_64.rpm python3.11-debugsource-3.11.2-2.el8_8.2.i686.rpm python3.11-debugsource-3.11.2-2.el8_8.2.x86_64.rpm python3.11-devel-3.11.2-2.el8_8.2.i686.rpm python3.11-devel-3.11.2-2.el8_8.2.x86_64.rpm python3.11-libs-3.11.2-2.el8_8.2.i686.rpm python3.11-libs-3.11.2-2.el8_8.2.x86_64.rpm python3.11-tkinter-3.11.2-2.el8_8.2.x86_64.rpm Red Hat Enterprise Linux CRB (v.8): aarch64: python3.11-debug-3.11.2-2.el8_8.2.aarch64.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.aarch64.rpm python3.11-debugsource-3.11.2-2.el8_8.2.aarch64.rpm python3.11-idle-3.11.2-2.el8_8.2.aarch64.rpm python3.11-test-3.11.2-2.el8_8.2.aarch64.rpm ppc64le: python3.11-debug-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-debugsource-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-idle-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-test-3.11.2-2.el8_8.2.ppc64le.rpm s390x: python3.11-debug-3.11.2-2.el8_8.2.s390x.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.s390x.rpm python3.11-debugsource-3.11.2-2.el8_8.2.s390x.rpm python3.11-idle-3.11.2-2.el8_8.2.s390x.rpm python3.11-test-3.11.2-2.el8_8.2.s390x.rpm x86_64: python3.11-3.11.2-2.el8_8.2.i686.rpm python3.11-debug-3.11.2-2.el8_8.2.i686.rpm python3.11-debug-3.11.2-2.el8_8.2.x86_64.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.i686.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.x86_64.rpm python3.11-debugsource-3.11.2-2.el8_8.2.i686.rpm python3.11-debugsource-3.11.2-2.el8_8.2.x86_64.rpm python3.11-idle-3.11.2-2.el8_8.2.i686.rpm python3.11-idle-3.11.2-2.el8_8.2.x86_64.rpm python3.11-test-3.11.2-2.el8_8.2.i686.rpm python3.11-test-3.11.2-2.el8_8.2.x86_64.rpm python3.11-tkinter-3.11.2-2.el8_8.2.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-40217 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJlHtXQAAoJENzjgjWX9erEOhsP/ReoNfsCP0hmC7S3cjL6i8Lj Ts3DyJiC3CXlMxxNUFkh27nnqSIRvSXxb/dEu/D7+zDDw7cpecXUqNA5pvikTDcj iAGVhLygOLtqzYuEqtX1BxOydIsP4jEK8e3PTs/TzgNmIhBqwoOWk/q7MCe84m1+ DMoK38WHWmpIQAuQy+icogCy3PLqXuvCzeKcQPYEiyoBfT9a6xJ5EiCEGsJzSOkx G5GoSfnLniUsBpWsXvz6bW9eJxSAmZ5Sv2UY4m0aHbTkEv/Tc+VBlR+wQoOQBIcy HHoXmhDSh8OzJejzyyupP6JB6R7NqKfEg/LG7xuD6k3c4nBYAPcvcyl/fijSAmw4 qs8S4Waeee50T8cODB5PSwkSZwVhfCuF3o9OpciXRbWwO/4cGgM2p7vFfeH57cGT hbFkXGA/4B3kVZChLuFQH/TpBtDH2VDCDlo5ct9hszZSkU9HuXkClVxscUWVB6VK UkTxgKaK6tzuQwJaWq+xXif3jGULtDbqCbWVKPb/Omp4nFlMYDwJBaW5gLkzwAK/ DcD9uTOv1HosLlTT9aj6pbb70Bu5JMyEmSla7pzFCStbgh6EFIodhnF1i3GrNrZd RODlCuY3h5YXGpzMNxjTzFvkyWMbnlvpdDi8mzTIHi0z22Jd9BcNLNd27Q5HOraT 48GSuHvaS3JTTfyBwjlE =uuGk -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for ImageMagick is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: ImageMagick security update Advisory ID: RHSA-2023:5461-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5461 Issue date: 2023-10-05 CVE Names: CVE-2021-40211 ===================================================================== 1. Summary: An update for ImageMagick is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix(es): * ImageMagick: Division by zero in ReadEnhMetaFile lead to DoS (CVE-2021-40211) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed inthe References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2235480 - CVE-2021-40211 ImageMagick: Division by zero in ReadEnhMetaFile lead to DoS 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: ImageMagick-6.9.10.68-7.el7_9.src.rpm x86_64: ImageMagick-6.9.10.68-7.el7_9.i686.rpm ImageMagick-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-c++-6.9.10.68-7.el7_9.i686.rpm ImageMagick-c++-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.i686.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: ImageMagick-c++-devel-6.9.10.68-7.el7_9.i686.rpm ImageMagick-c++-devel-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.i686.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-devel-6.9.10.68-7.el7_9.i686.rpm ImageMagick-devel-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-doc-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-perl-6.9.10.68-7.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: ImageMagick-6.9.10.68-7.el7_9.src.rpm x86_64: ImageMagick-6.9.10.68-7.el7_9.i686.rpm ImageMagick-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-c++-6.9.10.68-7.el7_9.i686.rpm ImageMagick-c++-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-c++-devel-6.9.10.68-7.el7_9.i686.rpm ImageMagick-c++-devel-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.i686.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-devel-6.9.10.68-7.el7_9.i686.rpm ImageMagick-devel-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-doc-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-perl-6.9.10.68-7.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: ImageMagick-6.9.10.68-7.el7_9.src.rpm ppc64: ImageMagick-6.9.10.68-7.el7_9.ppc.rpm ImageMagick-6.9.10.68-7.el7_9.ppc64.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.ppc.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.ppc64.rpm ImageMagick-perl-6.9.10.68-7.el7_9.ppc64.rpm ppc64le: ImageMagick-6.9.10.68-7.el7_9.ppc64le.rpm ImageMagick-c++-6.9.10.68-7.el7_9.ppc64le.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.ppc64le.rpm ImageMagick-perl-6.9.10.68-7.el7_9.ppc64le.rpm s390x: ImageMagick-6.9.10.68-7.el7_9.s390.rpm ImageMagick-6.9.10.68-7.el7_9.s390x.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.s390.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.s390x.rpm ImageMagick-perl-6.9.10.68-7.el7_9.s390x.rpm x86_64: ImageMagick-6.9.10.68-7.el7_9.i686.rpm ImageMagick-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-c++-6.9.10.68-7.el7_9.i686.rpm ImageMagick-c++-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.i686.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-perl-6.9.10.68-7.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.7): ppc64: ImageMagick-c++-6.9.10.68-7.el7_9.ppc.rpm ImageMagick-c++-6.9.10.68-7.el7_9.ppc64.rpm ImageMagick-c++-devel-6.9.10.68-7.el7_9.ppc.rpm ImageMagick-c++-devel-6.9.10.68-7.el7_9.ppc64.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.ppc.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.ppc64.rpm ImageMagick-devel-6.9.10.68-7.el7_9.ppc.rpm ImageMagick-devel-6.9.10.68-7.el7_9.ppc64.rpm ImageMagick-doc-6.9.10.68-7.el7_9.ppc64.rpm ppc64le: ImageMagick-c++-devel-6.9.10.68-7.el7_9.ppc64le.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.ppc64le.rpm ImageMagick-devel-6.9.10.68-7.el7_9.ppc64le.rpm ImageMagick-doc-6.9.10.68-7.el7_9.ppc64le.rpm s390x: ImageMagick-c++-6.9.10.68-7.el7_9.s390.rpm ImageMagick-c++-6.9.10.68-7.el7_9.s390x.rpm ImageMagick-c++-devel-6.9.10.68-7.el7_9.s390.rpm ImageMagick-c++-devel-6.9.10.68-7.el7_9.s390x.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.s390.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.s390x.rpm ImageMagick-devel-6.9.10.68-7.el7_9.s390.rpm ImageMagick-devel-6.9.10.68-7.el7_9.s390x.rpm ImageMagick-doc-6.9.10.68-7.el7_9.s390x.rpm x86_64: ImageMagick-c++-devel-6.9.10.68-7.el7_9.i686.rpm ImageMagick-c++-devel-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.i686.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-devel-6.9.10.68-7.el7_9.i686.rpm ImageMagick-devel-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-doc-6.9.10.68-7.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ImageMagick-6.9.10.68-7.el7_9.src.rpm x86_64: ImageMagick-6.9.10.68-7.el7_9.i686.rpm ImageMagick-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-c++-6.9.10.68-7.el7_9.i686.rpm ImageMagick-c++-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.i686.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-perl-6.9.10.68-7.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v.7): x86_64: ImageMagick-c++-devel-6.9.10.68-7.el7_9.i686.rpm ImageMagick-c++-devel-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.i686.rpm ImageMagick-debuginfo-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-devel-6.9.10.68-7.el7_9.i686.rpm ImageMagick-devel-6.9.10.68-7.el7_9.x86_64.rpm ImageMagick-doc-6.9.10.68-7.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-40211 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJlHtXAAAoJENzjgjWX9erEK80P/jAnrBPUhbR3JwVkaLwIpNqJ jlkTuNT4I6NPtNx7bxoTNTdXrFezFnHOvNpD/+nnV3gcgGp5586IFYo2p/98EWob kkAVBDu0d7V9ZfRRFob17SR95yV81EbHnYTqY0ZYywL/WHBOO0MsScUF9PX531a5 AGxoNv6m1ouhERPRFBEo2g0HwRe3xuPLALOCkFINWYsVmTTh4QKhB008s2gMTieh 9EWmZGiA0l8Yr4dDdlD0z4XsRk2CVq+DWPqjtSFFLWkJZf7yfMK562TuBtn1sz05 z8IkRGeuCDZpZ0AFG3CXBkfE60P8SDY1jh/LPxeRODzVkiFgsHF5rq/oVLUsEx6w ay+IbM/TFspc956cSig758THWUq3KoLXLsoZ28ao3SGLEPhYhDZk9NNpoF1IeETO VTr0NNanQQuxY9BMh8IbIQTgFA74s6ynitfsoWZ+TsDDg2k6TF5JRjD4ECq/LiFJ eVoRiF/O4Kbd7yekSOP4kE3sFgvBHBayKPFWKxqF0LDBj2S3ZOorVOeFSo+iyTN6 9kIJnYdhztJyha6/cMgOTWx2QsULrk1PPSmX96Ad0Ayeu/2REXUoa1Tb5A9Sor9T 2+64kCr/kwGrKya2utKmJGDAIVSrbBsMGZCjvG9OGclM1Bpqiot5svASQsDmakzd Tx+NZP8S+hZeLwwWGyrf =IQjj -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2023:5438-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5438 Issue date: 2023-10-04 CVE Names: CVE-2023-3600 CVE-2023-5169 CVE-2023-5171 CVE-2023-5176 CVE-2023-5217 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Security Fix(es): * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4.Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2222652 - CVE-2023-3600 firefox: use-after-free in workers 2240893 - CVE-2023-5169 Mozilla: Out-of-bounds write in PathOps 2240894 - CVE-2023-5171 Mozilla: Use-after-free in Ion Compiler 2240896 - CVE-2023-5176 Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx 6. Package List: Red Hat Enterprise Linux AppStream E4S (v. 8.1): Source: thunderbird-115.3.1-1.el8_1.src.rpm ppc64le: thunderbird-115.3.1-1.el8_1.ppc64le.rpm thunderbird-debuginfo-115.3.1-1.el8_1.ppc64le.rpm thunderbird-debugsource-115.3.1-1.el8_1.ppc64le.rpm x86_64: thunderbird-115.3.1-1.el8_1.x86_64.rpm thunderbird-debuginfo-115.3.1-1.el8_1.x86_64.rpm thunderbird-debugsource-115.3.1-1.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-3600 https://access.redhat.com/security/cve/CVE-2023-5169 https://access.redhat.com/security/cve/CVE-2023-5171 https://access.redhat.com/security/cve/CVE-2023-5176 https://access.redhat.com/security/cve/CVE-2023-5217 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJlHYRmAAoJENzjgjWX9erE0twP/j57U4dEN54dRtgb9DRVkNd9 2tH2nHg/JnuePH1/yjhzEvlQZNHGEnH3zIas2y7fPp4pHm0pSxRPmZXLJ4Zct1iA bBKfx1e5gofvmrsShtCmA0Ty5s1DtKvKkVqiNv8uj1feWClUj+5h4uHXR1lnexmn NNjLR6H37G201lUKs+baq8bxUXZou7nd+jvQTTdYnP2Hq2tL9XrOT77yve43ybv1 N1uiFjbZ57w+/1FVtrJ8UkUDdnesA430bnwt0FTyBwkl0wny6dVNYYHWIg21Y4Ch 3yMoer1gVQfYTvZAAwJksFWCil4WZ3rvjFXYssbCjXgbOT0gLdLxnUFhtBSFXqnN zJq++Kpg6udOusHKdHtO4WL7hWf8PcbhHldLhSSUvAAYI18rZGQhJBjAzZ6JspHo JzS35dBV4logn/JaclaB7AR/zHH/ZNrdl0DgDVkNRLP9pJAk5BHl1n/h5x6A5Y7T XC2UT5FBkR+VLU2Dkfr6E1wHxdbCwQDJxwvhRgtokP3H7eGBPSUsMGYjNq1U1smn TGg0gaEFn3p1wBkfJJdT6THk7ehF8XBW3EzEhHfBnmh13rWoGmNJuUiG0FGVxo5H rrDbp1ADFw9kSWrO5Sk12LkYDR+zm5SMGd9qZKEpHfzP0vvPZHYLG5+iexvoR2Wi 6S8zGrSdbYkfij3yxAew =wHgB -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for open-vm-tools is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: open-vm-tools security update Advisory ID: RHSA-2023:5217-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5217 Issue date: 2023-09-19 CVE Names: CVE-2023-20900 ===================================================================== 1. Summary: An update for open-vm-tools is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fix(es): * open-vm-tools: SAML token signature bypass (CVE-2023-20900) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to theCVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2236542 - CVE-2023-20900 open-vm-tools: SAML token signature bypass 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: open-vm-tools-11.0.5-3.el7_9.7.src.rpm x86_64: open-vm-tools-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-debuginfo-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-desktop-11.0.5-3.el7_9.7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: open-vm-tools-debuginfo-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-devel-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-test-11.0.5-3.el7_9.7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: open-vm-tools-11.0.5-3.el7_9.7.src.rpm x86_64: open-vm-tools-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-debuginfo-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-desktop-11.0.5-3.el7_9.7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: open-vm-tools-debuginfo-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-devel-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-test-11.0.5-3.el7_9.7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: open-vm-tools-11.0.5-3.el7_9.7.src.rpm x86_64: open-vm-tools-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-debuginfo-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-desktop-11.0.5-3.el7_9.7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): x86_64: open-vm-tools-debuginfo-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-devel-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-test-11.0.5-3.el7_9.7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: open-vm-tools-11.0.5-3.el7_9.7.src.rpm x86_64: open-vm-tools-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-debuginfo-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-desktop-11.0.5-3.el7_9.7.x86_64.rpm Red Hat Enterprise Linux WorkstationOptional (v. 7): x86_64: open-vm-tools-debuginfo-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-devel-11.0.5-3.el7_9.7.x86_64.rpm open-vm-tools-test-11.0.5-3.el7_9.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-20900 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJlCWlmAAoJENzjgjWX9erEPS8P/i8WPrzZQO9inFCO+eay+rbA VeU/qq1n87Hn0p6M1hGsgiuAHLbZRUDQXamcUIO3bR5UzOv4ZRyYJclDKBtEIlRS LIZ/ABag717I5GeZsAavy8/xwLWExsteuq/7StmayaCmNpdKukR6ufVrfXD8K7oq hEIiX/PLEZi8qF+aITUs8naZNOWDwXv3afDXFRXtlB77o/s2hzDnDi1HrqrNmgnA UpGHUfMvK81EWMgSdpOljYzamEqPUF3sGiz4KyCP3vsF/BQvFRMpYzmcAbAj0rUX QwZzxf5z9qKcXwgnH/gOPd14lpjxvDSEpgB5DlwkqtIg3FBLYSlTBLoNJPT3RhnC uOuiMr+jMOUGzutxBYPVqyHWU+Q7o0rT7xzDzz/iyu8fMDrttM0ZRz9wudBwv3iL r7hVgVMyIqox8jnAMzqmZfyoAHamCleOQxoyTlhHz/RubSO/DlTIuehd2ynIaX1u YXYoTbUr3yykoLmGufNura5PUbYWOc7C3501vqaJvKSv6k4sCDT4wcEvLu/wjZho KyaJjJInE2J0MkS89sup9lgJx3AWa7eBdin6iuwPwxn46jx8+xukpzVBfsMZDp10 wkYZzR7bVsVOEcU+xoKIjLib1k3BT9GwKAVeqjstG3lQrG83xY31xCk6c9AHKLVk /8t3XWkz1U6HaPaNqbYT =WsFm -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: thunderbird security update Advisory ID: RHSA-2023:5201-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5201 Issue date: 2023-09-18 CVE Names: CVE-2023-4863 ===================================================================== 1. Summary: An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.1. Security Fix(es): * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Thunderbird must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2238431 - CVE-2023-4863 libwebp: Heap buffer overflow in WebPCodec 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: thunderbird-102.15.1-1.el8_8.src.rpm aarch64: thunderbird-102.15.1-1.el8_8.aarch64.rpm thunderbird-debuginfo-102.15.1-1.el8_8.aarch64.rpm thunderbird-debugsource-102.15.1-1.el8_8.aarch64.rpm ppc64le: thunderbird-102.15.1-1.el8_8.ppc64le.rpm thunderbird-debuginfo-102.15.1-1.el8_8.ppc64le.rpm thunderbird-debugsource-102.15.1-1.el8_8.ppc64le.rpm s390x: thunderbird-102.15.1-1.el8_8.s390x.rpm thunderbird-debuginfo-102.15.1-1.el8_8.s390x.rpm thunderbird-debugsource-102.15.1-1.el8_8.s390x.rpm x86_64: thunderbird-102.15.1-1.el8_8.x86_64.rpm thunderbird-debuginfo-102.15.1-1.el8_8.x86_64.rpm thunderbird-debugsource-102.15.1-1.el8_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-4863 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJlCGxXAAoJENzjgjWX9erE0yIP/1cqK6XIm3JVJ7oZd5HHRgfw +zaYmZSHU6I5/rbGvXjhrgHWkKcqHiJF4P015eZ4/IbPCHoNhnmZ3giiMa5bwFWC +LqNPuFo/KXczJ0akL6hwsxLYqfyhDbOPahlZ3hikbgnnpUVU3QWfX7VoKea57c3 NSOA5uvDsGMrcnPlIMqP0EIpS4AUz5jupzJHkhOHOKko/l7ugWCG8HxGeIqdLiS2 +xXGWFKNEzrepmjj5kpBOjlaP/NUgQVtKNfzyC5n7KCK/ogCwTe6WKnv64ujERfK K6vt/tlP8B2uqMBzoFW2MGwJBBk2msidJU3KFwoo7GI9Kr7+AYbtI/0G7LUZCS9k G2Km2t+8+Ye75UrOhy/lTc8EtZWN3gm7Oi2us3mJgUdRFs1156XP++EvQVV1gvs0 3oJZhG92r0Lbiv26vzrqWWW5NcZzXRAMxP+UwgRji/RKj/YC2+UXB3IVo5fCgbdx pqJXxB3owYUg8Orl5cNTU3Vccr//XQN2Yy/USZCBKUX4AwPsgACpnf2/FwOAfvnp G52Yp/wSoskvX/qGCt3ru5TRVs8VPlOS1gB2En3FY7KsbvXV+BV6NXeUu6k4o+tr E2I1Sz3xENHcoWU2gYYCb0vun1/pfZrK3FKKAqmms102Ds420K4dXCPBCwRWbFsf GWp3mLWmPpoWT/PIH8Uv =3biG -----END PGP SIGNATURE----- -- RHSA-announce mailinglist
An update for libwebp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: libwebp security update Advisory ID: RHSA-2023:5204-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5204 Issue date: 2023-09-18 CVE Names: CVE-2023-4863 ===================================================================== 1. Summary: An update for libwebp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64 3. Description: The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Security Fix(es): * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described inthis advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2238431 - CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec 6. Package List: Red Hat Enterprise Linux AppStream EUS (v.9.0): Source: libwebp-1.2.0-6.el9_0.src.rpm aarch64: libwebp-1.2.0-6.el9_0.aarch64.rpm libwebp-debuginfo-1.2.0-6.el9_0.aarch64.rpm libwebp-debugsource-1.2.0-6.el9_0.aarch64.rpm libwebp-devel-1.2.0-6.el9_0.aarch64.rpm libwebp-java-debuginfo-1.2.0-6.el9_0.aarch64.rpm libwebp-tools-debuginfo-1.2.0-6.el9_0.aarch64.rpm ppc64le: libwebp-1.2.0-6.el9_0.ppc64le.rpm libwebp-debuginfo-1.2.0-6.el9_0.ppc64le.rpm libwebp-debugsource-1.2.0-6.el9_0.ppc64le.rpm libwebp-devel-1.2.0-6.el9_0.ppc64le.rpm libwebp-java-debuginfo-1.2.0-6.el9_0.ppc64le.rpm libwebp-tools-debuginfo-1.2.0-6.el9_0.ppc64le.rpm s390x: libwebp-1.2.0-6.el9_0.s390x.rpm libwebp-debuginfo-1.2.0-6.el9_0.s390x.rpm libwebp-debugsource-1.2.0-6.el9_0.s390x.rpm libwebp-devel-1.2.0-6.el9_0.s390x.rpm libwebp-java-debuginfo-1.2.0-6.el9_0.s390x.rpm libwebp-tools-debuginfo-1.2.0-6.el9_0.s390x.rpm x86_64: libwebp-1.2.0-6.el9_0.i686.rpm libwebp-1.2.0-6.el9_0.x86_64.rpm libwebp-debuginfo-1.2.0-6.el9_0.i686.rpm libwebp-debuginfo-1.2.0-6.el9_0.x86_64.rpm libwebp-debugsource-1.2.0-6.el9_0.i686.rpm libwebp-debugsource-1.2.0-6.el9_0.x86_64.rpm libwebp-devel-1.2.0-6.el9_0.i686.rpm libwebp-devel-1.2.0-6.el9_0.x86_64.rpm libwebp-java-debuginfo-1.2.0-6.el9_0.i686.rpm libwebp-java-debuginfo-1.2.0-6.el9_0.x86_64.rpm libwebp-tools-debuginfo-1.2.0-6.el9_0.i686.rpm libwebp-tools-debuginfo-1.2.0-6.el9_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-4863 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJlCGxTAAoJENzjgjWX9erE4lsP/RpI9cKHmKMcG3Y8F9ijZe1L NAQ+TY8I2M5AetpJgrgyY1l8vILqtSXkK7w7oAZiofSg6OXO5ZmCXzWCRSbmQmt9 AgVDPi3bhHJ9AXb6qwP6rqcVkxQWPGlPSU6kdaMg8HiSFChzdruFO2zF/16ZsBky yKIzpqKzcLUAunEYrGrv5Mq8iUupCJD23euoCYAzGI4ZKJJrhVfPAharafEndfyB bk4m4aliBDtWnfx0eMeHJDQ46aVbQEFufy8xo71CY9dpzuJbOZqK98jCLiOv8FG/ eQGY5MTLcD3a4JUXJzclMjAOp3qbFtLVLGx0WvghYvrE/Jkr628aQYfm6I5aUn4L OgAZj9t0Ez7DEiGTJNu5PMJa921JD7QjXCPRfhWpXi6oa9NNRCnofpoMCmFqrDNl 2xzEc4Hq48N7sVpYG2KXkoEx5apUjWIhp/gCD+zXxQTeWTaFneeyvqJWd6h7OrUP p6nAKb3vZoaZC2usqcqzf61TpsExLfKU8OJEVuwLq80Zj5lTtUhXG6HWnfVWDXtK 2sscp2LSkypxW8QrPYvki61ZCslvl4DpQP2CkEyYOlURsKiPzMWOmwjWJ2cDMHkI zq/goJc7eESVkzsjBFdZvHxT5hLBOrk1aDmmc+60N0X8Lo6W9zcGLuh/DhUgNZfV UP7qGbb4LEyNtofx5hFh =5sow -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2023:5091-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5091 Issue date: 2023-09-12 CVE Names: CVE-2023-1637 CVE-2023-3390 CVE-2023-3610 CVE-2023-3776 CVE-2023-4004 CVE-2023-4147 CVE-2023-20593 CVE-2023-21102 CVE-2023-31248 CVE-2023-35001 ===================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux NFV (v. 9) - x86_64 Red Hat Enterprise Linux RT (v. 9) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390) * kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE (CVE-2023-3610) * kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function(CVE-2023-3776) * kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004) * kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free (CVE-2023-4147) * kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248) * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001) * kernel: save/restore speculative MSRs during S3 suspend/resume (CVE-2023-1637) * hw: amd: Cross-Process Information Leak (CVE-2023-20593) * kernel: bypass of shadow stack protection due to a logic error (CVE-2023-21102) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest RHEL-9.2.z3 Batch (BZ#2228482) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2181891 - CVE-2023-1637 kernel: save/restore speculative MSRs during S3 suspend/resume 2213260 - CVE-2023-3390 kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests 2213455 - CVE-2023-21102 kernel: bypass of shadow stack protection due to a logic error 2217845 - CVE-2023-20593 hw: amd: Cross-Process Information Leak 2220892 - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() 2220893 - CVE-2023-31248 kernel: nf_tables: use-after-free in nft_chain_lookup_byid() 2225097 - CVE-2023-3776 kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function 2225198 - CVE-2023-3610 kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE 2225239 - CVE-2023-4147 kernel:netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free 2225275 - CVE-2023-4004 kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() 6. Package List: Red Hat Enterprise Linux NFV (v. 9): Source: kernel-rt-5.14.0-284.30.1.rt14.315.el9_2.src.rpm x86_64: kernel-rt-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debug-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debug-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debug-debuginfo-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debug-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debug-kvm-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debug-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debug-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debug-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debuginfo-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debuginfo-common-x86_64-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-kvm-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm Red Hat Enterprise Linux RT (v.9): Source: kernel-rt-5.14.0-284.30.1.rt14.315.el9_2.src.rpm x86_64: kernel-rt-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debug-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debug-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debug-debuginfo-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debug-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debug-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debug-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debug-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debuginfo-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-debuginfo-common-x86_64-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm kernel-rt-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2023-1637 https://access.redhat.com/security/cve/CVE-2023-3390 https://access.redhat.com/security/cve/CVE-2023-3610 https://access.redhat.com/security/cve/CVE-2023-3776 https://access.redhat.com/security/cve/CVE-2023-4004 https://access.redhat.com/security/cve/CVE-2023-4147 https://access.redhat.com/security/cve/CVE-2023-20593 https://access.redhat.com/security/cve/CVE-2023-21102 https://access.redhat.com/security/cve/CVE-2023-31248 https://access.redhat.com/security/cve/CVE-2023-35001 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJlAINXAAoJENzjgjWX9erEp/8P/iIkE9S25nRDZSHimk3J4iIW WJu2kS06jJl4o116N8AREuoiRvKDQk+1fSN/nhjAj4mihEOvUbq+Ogj96+lezwt8 507Qwo2CciRYK/wwcb1slMT5mSF8/DjwzoikRtgd6WpYtyiSqcqGQvouiieV8SXO EtqpY39py6RgCtmFgjOv4SKetj5RaasMpAOdopio/oOFchWQBcKc20cAAE0e2g6l 4RtIop/rNijrq+WhnLisXzTOgghzpez3tIIsSwqLvHZp6MGjxirXyVF429MSF70d /gavs7/IsLPHTSfgoGmww1W9RJU8QSNnozHsRFnSRTyaBAAceWJjWez4sWnlcDjS y9CnlY1hwjict9lZQEZicppTBA+AVK/n1Ztpr2kR2bSSrN9t3Zjme8lZ9sCObUEW MjNEPVLmOiKfi6BTnyjjSMPyRij0orvq30VijfJhzTlAqbuUJq8e4ttGtcgL8Fgu dcLitdVKFOtAncTnrlrfowEr6dR5ErEo27dRb8vUhnZUA8loknreLgIdr/ygAA6H zXGCWhMN4CgUOiKrr689ycqw9G0pGmhQIbWZ6VzEYGgfTRBtakh7pD/QwANbwQ6P 902UGNgV1NzUtyx6uBG1IG1WoJ7LyueDD1QX1XWC10hxL9Dha9kEUBXJgzdaO6+T zhLnpqEUrXQxBEVDGTyZ =Ttpn -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Get the latest Linux and open source security news straight to your inbox.