Advisory for Red Hat Security Updates

  • NIC-CERT/2022-10/441
  • Date: 2022-10-19
  • CVE ID: Multiple
  • Severity: High

A. Description:

A vulnerability has been found in Red Hat products that could allow an attacker to take control of the affected system.

B. Security Issues Fixed:

Red Hat has rolled out various security updates for thunderbird, firefox and kernel.

C. Affected Products & Solution:

CVE / Product / Synopsis

CVE: CVE-2022-40674

Product:

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64
  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Synopsis: thunderbird security update

CVE: CVE-2022-40674

Product:

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64
  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Synopsis: firefox security update

CVE: CVE-2021-45485, CVE-2021-45486, CVE-2022-2588, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166

Product:

  • Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64

Synopsis: kernel-rt security and bug fix update

CVE: CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-33987

Product:

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Synopsis: nodejs:14 security and bug fix update

CVE: CVE-2021-45485, CVE-2021-45486, CVE-2022-2588, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166

Product:

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64

Synopsis: kernel security, bug fix, and enhancement update

CVE: CVE-2022-2588

Product:

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Synopsis: kpatch-patch security update

CVE: CVE-2022-3101, CVE-2022-3146

Product:

  • Red Hat OpenStack 16.2 x86_64
  • Red Hat OpenStack 16.1 x86_64
  • Red Hat OpenStack for IBM Power 16.2 ppc64le
  • Red Hat OpenStack for IBM Power 16.1 ppc64le

Synopsis: Red Hat OpenStack Platform (tripleo-ansible) security update

CVE: CVE-2022-40674

Product:

  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Synopsis: compat-expat1 security update

CVE: CVE-2022-35255, CVE-2022-35256

Product:

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Synopsis: nodejs:16 security update

CVE: CVE-2022-35255, CVE-2022-35256

Product:

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Synopsis: nodejs security update

Users are advised to visit the following URL and follow the steps to apply the fixes.

https://access.redhat.com/articles/11258

D. References:

https://access.redhat.com/security/security-updates/#/

https://access.redhat.com/security/updates/classification/#important