ID

VAR-202302-0482

CVE

CVE-2022-4304

TITLE

OpenSSL  side-channel vulnerabilities in

DESCRIPTION

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. (CVE-2022-4304) A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions. For example, if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash. (CVE-2023-0215) A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an malicious user to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the malicious user to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network. (CVE-2023-0286). Bugs fixed (https://bugzilla.redhat.com/): 2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 2189886 - CVE-2023-2253 distribution/distribution: DoS from malicious API request 5. JIRA issues fixed (https://issues.redhat.com/): OCPBUGS-10326 - Re-enable operator-install-single-namespace.spec.ts test OCPBUGS-11143 - [Azure] Replace master failed as new master did not add into lb backend OCPBUGS-11974 - User telemetry is broken (inaccurate) due to the fact that page titles are not unique. OCPBUGS-12206 - [4.13] Keep systemd journal using LZ4 compression (via new env var) OCPBUGS-12256 - ptp operator socket management need rework since a few test case fails due to cleaning up the file before other processes are terminated. OCPBUGS-12743 - [4.13] SNO cluster deployment failing due to authentication and console CO in degraded state OCPBUGS-12785 - [release-4.13] Enable/Disable plugin options are not shown on Operator details page OCPBUGS-13311 - Kubelet CA file not written by MCD firstboot OCPBUGS-13323 - [4.13] Bootimage bump tracker OCPBUGS-13642 - [release-4.13] OLM k8sResourcePrefix x-descriptor dropdown unexpectedly clears selections OCPBUGS-13747 - [4.13] cgroupv1 support for cpu balancing is broken for non-SNO nodes OCPBUGS-13752 - AdditionalTrustBundle is only included when doing mirroring OCPBUGS-13809 - OVN image pre-puller pod uses `imagePullPolicy: Always` and blocks upgrade when there is no registry OCPBUGS-13812 - [azure] Installer doesn't validate diskType on ASH which lead to install fails with unsupported disktype OCPBUGS-14030 - Invalid CA certificate bundle provided by service account token OCPBUGS-14166 - Make Serverless form is broken OCPBUGS-14189 - Route Checkbox getting checked even if it is unchecked during editing the Serverless Function form OCPBUGS-14251 - Add new console metrics to cluster-monitoring-operator telemetry configuration (4.13) OCPBUGS-14267 - [Openshift Pipelines] Metrics page is broken OCPBUGS-14310 - Could not import multiple resources via JSON (while YAML supports this) OCPBUGS-14318 - [release-4.13] gather podDisruptionBudget only from openshift namespaces OCPBUGS-14336 - [Openshift Pipelines] Link to Openshift Route from service is breaking because of hardcoded value of targetPort OCPBUGS-14426 - Failed to list Kepler CSV OCPBUGS-14459 - The MCD repeats a "State and Reason" log line even when nothing is happening OCPBUGS-14482 - Sync RHEL9 Dockerfiles to regular Dockerfiles OCPBUGS-14598 - Update Jenkins to use 4.13 images OCPBUGS-14773 - (release-4.13) gather "gateway-mode-config" config map from "openshift-network-operator" namespace OCPBUGS-14867 - When installing SNO with bootstrap in place it takes cluster-policy-controller 6 minutes to acquire the leader lease OCPBUGS-14916 - images: RHEL-8-based container image is broken OCPBUGS-14943 - visiting Configurations page returns error Cannot read properties of undefined (reading 'apiGroup') OCPBUGS-15031 - (release-4.13) Insights config not correctly deserialized OCPBUGS-15101 - IngressVIP getting attach to two nodes at once OCPBUGS-15130 - Helm Repository "Edit" button results in 404 OCPBUGS-15139 - The whereabouts-reconciler should not set an hard-coded node selector on the kubernetes.io/architecture label OCPBUGS-15161 - CPMS: Surface cpms vs machine diff OCPBUGS-15171 - CPO doesn't skip AWS resource deletion for 'Unknown' OIDC state OCPBUGS-15187 - images: RHEL-8 container image is missing `xz` OCPBUGS-15224 - [4.13] openvswitch user is not in the hugetblfs group OCPBUGS-15225 - while/after upgrading to OKD 4.11 2023-01-14 CoreDNS has a problem with UDP overflows OCPBUGS-15228 - Create helm release page doesn't show a YAML editor when schema isn't available (httpd-imagestreams chart) OCPBUGS-15230 - Allow installer to use existing Azure NSG during OpenShift IPI install OCPBUGS-15246 - Bump to kubernetes 1.26.6 OCPBUGS-15281 - Leftover IngressController Preventing Clean Uninstall OCPBUGS-15289 - GCP XPN Installs Require bindPrivateDNSZone Permission in host project OCPBUGS-15330 - CPMSO: fix linting issue comment in test OCPBUGS-15335 - PipelineRun failed with log 'Tasks Completed: 3 (Failed: 1, Cancelled 0), Skipped: 1.' OCPBUGS-15360 - Serverless functions UI warning is misleading OCPBUGS-15372 - [4.13z] Duplicate acls cause network policy failure for namespaces with long names (>61 chars) OCPBUGS-15376 - [4.13] Cleanup Tech debt: remove unused repo code OCPBUGS-15410 - [release-4.13] Add Git Repository (PAC) doesn't setup GitLab and Bitbucket configuration correct OCPBUGS-15434 - [GWAPI] [4.13.z] The DNS provider failed to ensure the record, invalid value for name (gcp) OCPBUGS-15457 - python-grpcio and python-protobuf are unneeded dependencies OCPBUGS-15463 - [release-4.13] Unable to set protectKernelDefaults from "true" to "false" in kubelet.conf [release-4.13] OCPBUGS-15465 - [CI Watcher] Testing uninstall of Business Automation Operator "attempts to uninstall the Operator and delete all Operand Instances, shows 'Error Deleting Operands' alert" OCPBUGS-15476 - Network Operator not setting its version and blocking upgrade completion OCPBUGS-15481 - [CI Watcher] Broken pipeline-plugin e2e tests: PipelineResource CRD isn't installed anymore OCPBUGS-15512 - HCP Service Loadbalancer uses default SecurityGroup OCPBUGS-15515 - CI fails on TestAWSELBConnectionIdleTimeout OCPBUGS-15557 - TUI stuck on agent installer network boot setup OCPBUGS-15580 - updated nmstate builds will not work for MCO OCPBUGS-15585 - [4.13] Cannot fix a misconfigured Egress Firewall OCPBUGS-15586 - [4.13] NetworkPolicy not working as expected when allowing inbound traffic from any namespace OCPBUGS-15589 - Dynamic conversion webhook clientConfig not retained as operator installs OCPBUGS-15591 - GCP bootstrap VM should allow SecureBoot setting on 4.13 clusters OCPBUGS-15606 - Can't use git lfs in BuildConfig git source with strategy Docker OCPBUGS-15608 - [release-4.13] Clean up old RHEL9 dockerfiles to reduce confusion OCPBUGS-15720 - Helm Chart installation form hangs on create if JSON-schema is using 2019-09 or 2020-20 standard revisions OCPBUGS-15721 - Helm Chart installation form hangs on create if JSON-schema contains unknown value format OCPBUGS-15722 - Helm Chart installation screen fails to render if JSON schema contains remote $refs OCPBUGS-15734 - [4.13] binary should be compiled on RHEL9 OCPBUGS-15736 - TuneD reverts node level profiles on termination OCPBUGS-15738 - tuned daemonset rprivate default mount propagation with `hostPath: path: /` volumeMount breaks CSI driver relying on multipath OCPBUGS-15746 - Alibaba clusters are TechPreview and should not be upgradeable OCPBUGS-15756 - [release-4.13] Bump Jenkins and Jenkins Agent Base image versions OCPBUGS-15777 - ironic-agent-image PRs permafailing due to udevadm command missing OCPBUGS-15782 - [OSD] There is no error message shown on node label edit modal OCPBUGS-15787 - Project admins cannot see 'Pipelines' section in 'import from git' from RHOCP4 web console OCPBUGS-15808 - [4.13.x] Downstream OLM PSA plug-in is disabled OCPBUGS-15848 - The upgrade Helm Release tab in OpenShift GUI Developer console is not refreshing with updated values. OCPBUGS-15892 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get "https://registry.centos.org/v2/": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host OCPBUGS-15962 - ovn-k8s-cni-overlay: /lib64/libc.so.6: version `GLIBC_2.34' not found on 4.12-to-4.13 OCPBUGS-15965 - Active Endpoint Connection blocks cluster uninstallation OCPBUGS-16084 - [4.13] OCP 4.14.0-ec.3 machine-api-controller pod crashing OCPBUGS-7762 - openshift-tests does not file Azure Disk zone topology 6. JIRA issues fixed (https://issues.redhat.com/): OSSM-3936 - [kiali] do not hardcode label names OSSM-4220 - Update 2.4 base image OSSM-4291 - Release Kiali container v1.65 for OSSM 2.4 6. JIRA issues fixed (https://issues.redhat.com/): OCPBUGS-15506 - [release-4.11] gather podDisruptionBudget only from openshift namespaces OCPBUGS-15539 - IngressVIP getting attach to two nodes at once OCPBUGS-15876 - 4.11 ovn-k unit tests failing OCPBUGS-16037 - TuneD reverts node level profiles on termination OCPBUGS-16126 - Redhat-operators are failing regularly due to startup probe timing out which in turn increases CPU/Mem usage on Master nodes OCPBUGS-16152 - Placeholder bug for OCP 4.11.0 extras release OCPBUGS-5708 - Bootstraps' pivot service races with bootkube 6. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding 2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability 2162200 - CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client 2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow 5. JIRA issues fixed (https://issues.jboss.org/): MTA-118 - Automated tagging of resources with Windup MTA-123 - MTA crashes cluster nodes when running bulk binary analysis due to requests and limits not being configurable MTA-129 - User field in Manage Import is empty MTA-160 - [Upstream] Maven Repositories "No QueryClient set, use QueryClientProvider to set one" MTA-204 - Every http request made to tagtypes returns HTTP Status 404 MTA-256 - Update application import template MTA-260 - [Regression] Application import through OOTB import template fails MTA-261 - [Regression] UI incorrectly reports target applications have in-progress/complete assessment MTA-263 - [Regression] Discard assessment option present even when assessment is not complete MTA-267 - Analysis EAP targets should include eap8 MTA-268 - RFE: Automated Tagging details to add on Review analysis details page MTA-279 - All types of Source analysis is failing in MTA 6.1.0 MTA-28 - Success Alert is not displayed when subsequent analysis are submitted MTA-282 - Discarding review results in 404 error MTA-283 - Sorting broken on Application inventory page MTA-284 - HTML reports download with no files in reports and stats folders MTA-29 - Asterisk on Description while creating a credentials should be removed MTA-297 - [Custom migration targets] Cannot upload JPG file as an icon MTA-298 - [Custom migration targets] Unclear error when uploading image greater than 1Mb of size MTA-299 - [RFE][Custom migration targets] Assign an icon: Add image max size in the note under the image name MTA-300 - [Custom rules] Cannot upload more than one rules file MTA-303 - [UI][Custom migration targets] The word "Please" should be removed from the error message about existing custom target name MTA-304 - [Custom rules] Failed analysis when retrieving custom rules files from a repository MTA-306 - MTA allows the uploading of multiple binaries for analysis MTA-311 - MTA operator fails to reconcile on a clean (non-upgrade) install MTA-314 - PVCs may not provision if storageClassName is not set. MTA-330 - With auth disabled, 'username' seen in the persona dropdown MTA-332 - Tagging: Few Tags are highlighted with color MTA-34 - Cannot filter by Business Service when copying assessments MTA-345 - [Custom migration targets] Error message "imageID must be defined" is displayed when uploading image MTA-35 - Only the first notification is displayed when discarding multiple copied assessments MTA-350 - Maven Central links from the dependencies tab in reports seem to be broken MTA-351 - AspectJ is not identified as an Open Source Library MTA-356 - The inventory view has to be refreshed for the tags that were assigned by an analysis to appear MTA-363 - [UI][Custom migration targets] "Repository type" field name is missing MTA-364 - [Custom migration targets] Unknown image file when editing a custom migration target MTA-366 - Tagging: For no tags attached "filter by" can be improved MTA-367 - [Custom migration targets] Cannot use a custom migration target in analysis MTA-369 - Custom migration targets: HTML elements are duplicated MTA-375 - Run button does not execute the analysis MTA-377 - [UI][Custom rules] Custom rules screen of the analysis configuration wizard is always marked as required MTA-378 - [UI][Custom rules] Info message on the Custom rules screen is not updated MTA-38 - Only the first notification is displayed when multiple files are imported. MTA-381 - Custom Rules: When try to update Add rules the Error alert is displayed MTA-382 - Custom Rules: Sometimes able to upload duplicate rules files MTA-388 - CSV reports download empty when enabling the option after an analysis MTA-389 - [Custom rules in Analysis] Failed analysis when retrieving custom rules files from a private repository MTA-391 - [Custom rules in Analysis] Targets from uploaded rules file are not removed once the file is removed MTA-392 - Unable to see all custom migration targets when using a vertical monitor MTA-41 - [UI] Failed to refresh token if Keycloak feature "Use Refresh Tokens" is off MTA-412 - Display alert message before reviewing an already reviewed application MTA-428 - [Custom Rules] MTA analysis custom rules conflict message MTA-430 - Analysis wizard: Next button should be enabled only after at least one target is selected MTA-438 - Tagging: Retrieving tags needs a loading indicator MTA-439 - [Regression][Custom rules] Failed to run analysis with custom rules from a repository MTA-443 - Custom rules: Add button can be disabled until duplicate rule file is removed MTA-50 - RFE: Replace the MTA acronym in the title with "Migration Toolkit for Applications" MTA-51 - RFE: " Select the list of packages to be analyzed manually" to modify the title MTA-52 - [RFE] We can change "Not associated artifact" to "No associated artifact" MTA-55 - Can't choose a custom rule via a file explorer(mac OS finder) in Tackle 2.0 MTA-78 - CVE-2022-46364 org.keycloak-keycloak-parent: Apache CXF: SSRF Vulnerability [mta-6.0] MTA-99 - Unable to use root path during checking for maven dependencies 6. Description: Multicluster Engine for Kubernetes 2.0.8 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Solution: For multicluster engine for Kubernetes, see the following documentation for details on how to install the images: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/multicluster_engine/installing-while-connected-online 4. Bugs fixed (https://bugzilla.redhat.com/): 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 5. JIRA issues fixed (https://issues.redhat.com/): OCPBUGS-10719 - machines stuck in provisioned or provisioning OCPBUGS-12750 - [alibabacloud] IPI install got bootstrap failure and without any node ready, due to enforced EIP bandwidth 5 Mbit/s OCPBUGS-13166 - Bump to kubernetes 1.24.14 OCPBUGS-13661 - `cluster-reader` role cannot access "k8s.ovn.org" API Group resources OCPBUGS-13820 - Excessive memory consumption of aws-ebs-csi-driver-node pods (for 4.11) OCPBUGS-13916 - [4.11] container_network* metrics fail to report OCPBUGS-14069 - [4.11] Fast track BZ#2196441 (Network Manager) OCPBUGS-14288 - [4.11] Installer - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install OCPBUGS-14564 - IPv6 interface and address missing in all pods - OCP 4.12-ec-2 BM IPI 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.12.22 bug fix and security update Advisory ID: RHSA-2023:3615-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:3615 Issue date: 2023-06-22 CVE Names: CVE-2021-4235 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0361 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.12.22 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.22. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2023:3613 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html Security Fix(es): * go-yaml: Denial of Service in go-yaml (CVE-2021-4235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. The sha values for the release are: (For x86_64 architecture) The image digest is sha256:ba7956f5c2aae61c8ff3ab1ab2ee7e625db9b1c8964a65339764db79c148e4e6 (For s390x architecture) The image digest is sha256:36d8c9581c255ea3fb48ee8e3b4acb2e4b408f1c3542b16c55c0637403ef29e7 (For ppc64le architecture) The image digest is sha256:1a3f611d665c1d2b2ddb54d4f54e64c181e59fb57ec97c0578cad42c436a9bbc (For aarch64 architecture) The image digest is sha256:36fe7b5c69297210f8bc0303a58c019fdc4ca578d0c3340b1bc847c47e87d333 All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html. 4. Bugs fixed (https://bugzilla.redhat.com/): 2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml 5. JIRA issues fixed (https://issues.redhat.com/): OCPBUGS-13785 - EgressNetworkPolicy DNS resolution does not fall back to TCP for truncated responses OCPBUGS-14333 - Package openvswitch2.17 conflicts with openvswitch2.15 during the 4.12 to 4.13 upgrade of RHEL worker OCPBUGS-14454 - CRL configmap is limited by 1MB max, not allowing for multiple public CRLS. (4.12) OCPBUGS-14455 - mtls CRL not working when using an intermediate CA (4.12) OCPBUGS-14647 - Errors when running must-gather for 4.12 Rosa/Hypershift cluster OCPBUGS-14671 - It must be possible to append a piece of FRR configuration to what MetalLB renders OCPBUGS-14717 - Maximum Number Of Egress IPs Supported OCPBUGS-14745 - container_network* metrics stop reporting after container restart OCPBUGS-8673 - [whereabouts-cni] [release-4.12] Backport DualStack and the new reconciler to whereabouts plugin 4.12 6. References: https://access.redhat.com/security/cve/CVE-2021-4235 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/updates/classification/#moderate https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZJZol9zjgjWX9erEAQisXA/+NLLB9/gV0VO/r2mMIiaD7nzF25RMNy6E W07FAfzzYtrxMYspYtRAKnPv7tLJJT6Aa+xJ0O8jtnv1P0e1BdOr5MrsHiALZgiQ OWj5Px61nnKIRrrBNAEk2nKs2in96otOZryLzWy2osQCl+T17U1/gEQvpYhl18FE UWIHtP3Rzs1+ZdpgcbqvQtPfeKUAp380dGL8V3Gw4rpVYDsiNxvKxdg6cHeyjrb0 fMHK07Pw8PRxUh2xr56a512HkPMhTPIx+xcjZ1RTly9QPXEWjWgDolOiMYRjL/ne UC/A8MumKMiJoltLwTly6si3ChklI36iyrVgH6MHaKjvqPWHH7z2303N632IXvmd KzGVdEtzn/X0zUyutl6c6eJEWidvgaVjLHRynxCeD6Cz5MX2EzD5ITYxyA4MmSgq FcD4NPn6EUs9k2zHSOyfe7extwNlXEslbWYq+rX4aT7FY+Ul7PTwzmAkhzRdOVpr 5Oi4hbwhyqt1DteBr/NNZAHK58BdxP6oi8rgZiZDANwRWk/Dx5xFKMIYD0Z2GHmG +bvA5DqaMLZPv26nHv1rgR9YNzTe/Tw651QePis+4X3YXx6yGuwDW2gs5JMNMnBT xOxT8zctDV1kghhh+IaZMopdQ+hlZCoJyVZv0DbLZoF9mZ74gzLdvCtFyFVvZ8ZG AxaDJxGrtzg= =va8E -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-10-14T23:00:02.630000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE