===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3390
                        thunderbird security update
                              14 October 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           thunderbird
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-38502 CVE-2021-38501 CVE-2021-38500
                   CVE-2021-38498 CVE-2021-38497 CVE-2021-38496
                   CVE-2021-32810

Reference:         ESB-2021.3376
                   ESB-2021.3364
                   ESB-2021.3338
                   ESB-2021.3298
                   ESB-2021.3297

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2021:3841
   https://access.redhat.com/errata/RHSA-2021:3840
   https://access.redhat.com/errata/RHSA-2021:3839
   https://access.redhat.com/errata/RHSA-2021:3838

Comment: This bulletin contains four (4) Red Hat security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2021:3841-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3841
Issue date:        2021-10-13
CVE Names:         CVE-2021-32810 CVE-2021-38496 CVE-2021-38497
                   CVE-2021-38498 CVE-2021-38500 CVE-2021-38501
                   CVE-2021-38502
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.2.0.

Security Fix(es):

* Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

* Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and
  Firefox ESR 91.2 (CVE-2021-38500)

* Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
  (CVE-2021-38501)

* Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)

* rust-crossbeam-deque: race condition may lead to double free
  (CVE-2021-32810)

* Mozilla: Validation message could have been overlaid on another origin
  (CVE-2021-38497)

* Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1990342 - CVE-2021-32810 rust-crossbeam-deque: race condition may lead to double free
2011097 - CVE-2021-38496 Mozilla: Use-after-free in MessageTask
2011098 - CVE-2021-38497 Mozilla: Validation message could have been overlaid on another origin
2011099 - CVE-2021-38498 Mozilla: Use-after-free of nsLanguageAtomService object
2011100 - CVE-2021-38500 Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
2011101 - CVE-2021-38501 Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
2013469 - CVE-2021-38502 Mozilla: Downgrade attack on SMTP STARTTLS connections

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-91.2.0-1.el7_9.src.rpm

x86_64:
thunderbird-91.2.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-91.2.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-91.2.0-1.el7_9.src.rpm

ppc64le:
thunderbird-91.2.0-1.el7_9.ppc64le.rpm
thunderbird-debuginfo-91.2.0-1.el7_9.ppc64le.rpm

x86_64:
thunderbird-91.2.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-91.2.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-91.2.0-1.el7_9.src.rpm

x86_64:
thunderbird-91.2.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-91.2.0-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-32810
https://access.redhat.com/security/cve/CVE-2021-38496
https://access.redhat.com/security/cve/CVE-2021-38497
https://access.redhat.com/security/cve/CVE-2021-38498
https://access.redhat.com/security/cve/CVE-2021-38500
https://access.redhat.com/security/cve/CVE-2021-38501
https://access.redhat.com/security/cve/CVE-2021-38502
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2021:3840-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3840
Issue date:        2021-10-13
CVE Names:         CVE-2021-32810 CVE-2021-38496 CVE-2021-38497
                   CVE-2021-38498 CVE-2021-38500 CVE-2021-38501
                   CVE-2021-38502
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.2.0.

Security Fix(es):

* Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

* Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and
  Firefox ESR 91.2 (CVE-2021-38500)

* Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
  (CVE-2021-38501)

* Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)

* rust-crossbeam-deque: race condition may lead to double free
  (CVE-2021-32810)

* Mozilla: Validation message could have been overlaid on another origin
  (CVE-2021-38497)

* Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1990342 - CVE-2021-32810 rust-crossbeam-deque: race condition may lead to double free
2011097 - CVE-2021-38496 Mozilla: Use-after-free in MessageTask
2011098 - CVE-2021-38497 Mozilla: Validation message could have been overlaid on another origin
2011099 - CVE-2021-38498 Mozilla: Use-after-free of nsLanguageAtomService object
2011100 - CVE-2021-38500 Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
2011101 - CVE-2021-38501 Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
2013469 - CVE-2021-38502 Mozilla: Downgrade attack on SMTP STARTTLS connections

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
thunderbird-91.2.0-1.el8_1.src.rpm

ppc64le:
thunderbird-91.2.0-1.el8_1.ppc64le.rpm
thunderbird-debuginfo-91.2.0-1.el8_1.ppc64le.rpm
thunderbird-debugsource-91.2.0-1.el8_1.ppc64le.rpm

x86_64:
thunderbird-91.2.0-1.el8_1.x86_64.rpm
thunderbird-debuginfo-91.2.0-1.el8_1.x86_64.rpm
thunderbird-debugsource-91.2.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-32810
https://access.redhat.com/security/cve/CVE-2021-38496
https://access.redhat.com/security/cve/CVE-2021-38497
https://access.redhat.com/security/cve/CVE-2021-38498
https://access.redhat.com/security/cve/CVE-2021-38500
https://access.redhat.com/security/cve/CVE-2021-38501
https://access.redhat.com/security/cve/CVE-2021-38502
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2021:3839-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3839
Issue date:        2021-10-13
CVE Names:         CVE-2021-32810 CVE-2021-38496 CVE-2021-38497
                   CVE-2021-38498 CVE-2021-38500 CVE-2021-38501
                   CVE-2021-38502
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.2.0.

Security Fix(es):

* Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

* Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and
  Firefox ESR 91.2 (CVE-2021-38500)

* Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
  (CVE-2021-38501)

* Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)

* rust-crossbeam-deque: race condition may lead to double free
  (CVE-2021-32810)

* Mozilla: Validation message could have been overlaid on another origin
  (CVE-2021-38497)

* Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1990342 - CVE-2021-32810 rust-crossbeam-deque: race condition may lead to double free
2011097 - CVE-2021-38496 Mozilla: Use-after-free in MessageTask
2011098 - CVE-2021-38497 Mozilla: Validation message could have been overlaid on another origin
2011099 - CVE-2021-38498 Mozilla: Use-after-free of nsLanguageAtomService object
2011100 - CVE-2021-38500 Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
2011101 - CVE-2021-38501 Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
2013469 - CVE-2021-38502 Mozilla: Downgrade attack on SMTP STARTTLS connections

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
thunderbird-91.2.0-1.el8_2.src.rpm

aarch64:
thunderbird-91.2.0-1.el8_2.aarch64.rpm
thunderbird-debuginfo-91.2.0-1.el8_2.aarch64.rpm
thunderbird-debugsource-91.2.0-1.el8_2.aarch64.rpm

ppc64le:
thunderbird-91.2.0-1.el8_2.ppc64le.rpm
thunderbird-debuginfo-91.2.0-1.el8_2.ppc64le.rpm
thunderbird-debugsource-91.2.0-1.el8_2.ppc64le.rpm

x86_64:
thunderbird-91.2.0-1.el8_2.x86_64.rpm
thunderbird-debuginfo-91.2.0-1.el8_2.x86_64.rpm
thunderbird-debugsource-91.2.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-32810
https://access.redhat.com/security/cve/CVE-2021-38496
https://access.redhat.com/security/cve/CVE-2021-38497
https://access.redhat.com/security/cve/CVE-2021-38498
https://access.redhat.com/security/cve/CVE-2021-38500
https://access.redhat.com/security/cve/CVE-2021-38501
https://access.redhat.com/security/cve/CVE-2021-38502
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2021:3838-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3838
Issue date:        2021-10-13
CVE Names:         CVE-2021-32810 CVE-2021-38496 CVE-2021-38497
                   CVE-2021-38498 CVE-2021-38500 CVE-2021-38501
                   CVE-2021-38502
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.2.0.

Security Fix(es):

* Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

* Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and
  Firefox ESR 91.2 (CVE-2021-38500)

* Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
  (CVE-2021-38501)

* Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)

* rust-crossbeam-deque: race condition may lead to double free
  (CVE-2021-32810)

* Mozilla: Validation message could have been overlaid on another origin
  (CVE-2021-38497)

* Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1990342 - CVE-2021-32810 rust-crossbeam-deque: race condition may lead to double free
2011097 - CVE-2021-38496 Mozilla: Use-after-free in MessageTask
2011098 - CVE-2021-38497 Mozilla: Validation message could have been overlaid on another origin
2011099 - CVE-2021-38498 Mozilla: Use-after-free of nsLanguageAtomService object
2011100 - CVE-2021-38500 Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2
2011101 - CVE-2021-38501 Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
2013469 - CVE-2021-38502 Mozilla: Downgrade attack on SMTP STARTTLS connections

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
thunderbird-91.2.0-1.el8_4.src.rpm

aarch64:
thunderbird-91.2.0-1.el8_4.aarch64.rpm
thunderbird-debuginfo-91.2.0-1.el8_4.aarch64.rpm
thunderbird-debugsource-91.2.0-1.el8_4.aarch64.rpm

ppc64le:
thunderbird-91.2.0-1.el8_4.ppc64le.rpm
thunderbird-debuginfo-91.2.0-1.el8_4.ppc64le.rpm
thunderbird-debugsource-91.2.0-1.el8_4.ppc64le.rpm

s390x:
thunderbird-91.2.0-1.el8_4.s390x.rpm
thunderbird-debuginfo-91.2.0-1.el8_4.s390x.rpm
thunderbird-debugsource-91.2.0-1.el8_4.s390x.rpm

x86_64:
thunderbird-91.2.0-1.el8_4.x86_64.rpm
thunderbird-debuginfo-91.2.0-1.el8_4.x86_64.rpm
thunderbird-debugsource-91.2.0-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-32810
https://access.redhat.com/security/cve/CVE-2021-38496
https://access.redhat.com/security/cve/CVE-2021-38497
https://access.redhat.com/security/cve/CVE-2021-38498
https://access.redhat.com/security/cve/CVE-2021-38500
https://access.redhat.com/security/cve/CVE-2021-38501
https://access.redhat.com/security/cve/CVE-2021-38502
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================