-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:0856-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0856 Issue date: 2021-03-16 CVE Names: CVE-2019-19532 CVE-2020-0427 CVE-2020-7053 CVE-2020-14351 CVE-2020-25211 CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 CVE-2020-28374 CVE-2020-29661 CVE-2021-20265 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211) * kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374) * kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661) * kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532) * kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427) * kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053) * kernel: performance counters race condition use-after-free (CVE-2020-14351) * kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645) * kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656) * kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705) * kernel: increase slab leak leads to DoS (CVE-2021-20265) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * BUG: scheduling while atomic: memory allocation under spinlock in scsi_register_device_handler() (BZ#1619147) * WARNING in __iscsit_free_cmd during recovery Abort (BZ#1784540) * lpfc does not issue adisc to fcp-2 devices, does not respond to nvme targer that send an adisc. (BZ#1875961) * Panic in semctl_nolock.constprop.15+0x25b (BZ#1877264) * [RHEL 7.7][md]Crash due to invalid pool workqueue pointer, work queue race (BZ#1889372) * Guest crash on intel CPU with -cpu host,-spec-ctrl,+ibpb (BZ#1890669) * RHEL7.9 - kernel/uv: handle length extension properly (BZ#1899172) * Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 'i40e: don't report link up for a VF who hasn't enabled queues' introducing issues with VM using DPDK (BZ#1901064) * writing to /sys/devices/(...)/net/eno49/queues/tx-16/xps_cpus triggers kernel panic (BZ#1903819) * [Hyper-V][RHEL-7.9]video: hyperv_fb: Fix the cache type when mapping the VRAM Edit (BZ#1908896) * kvm-rhel7.9 [AMD] - system crash observed while powering on virtual machine with attached VF interfaces. (BZ#1909036) * kernel: nvme nvme7: Connect command failed, error wo/DNR bit: 2 (BZ#1910817) * dm-mirror crashes from assuming underlying storage will have a non-NULL merge_bvec_fn (BZ#1916407) * watchdog: use nmi registers snapshot in hardlockup handler (BZ#1916589) * [DELL EMC 7.9 BUG] - Intel E810 NIC interfaces are not functional in RHEL 7.9 on system with AMD Rome CPUs (BZ#1918273) * [DELL EMC BUG] RHEL system log shows AMD-Vi error when system connected with Gen 4 NVMe drives. (BZ#1921187) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1781821 - CVE-2019-19532 kernel: malicious USB devices can lead to multiple out-of-bounds write 1795624 - CVE-2020-7053 kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c 1862849 - CVE-2020-14351 kernel: performance counters race condition use-after-free 1877571 - CVE-2020-25211 kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c 1883988 - CVE-2020-25645 kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints 1888726 - CVE-2020-25656 kernel: use-after-free in read in vt_do_kdgkb_ioctl 1894579 - CVE-2020-25705 kernel: ICMP rate limiting can be used for DNS poisoning attack 1899804 - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore 1901064 - Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 'i40e: don't report link up for a VF who hasn't enabled queues' introducing issues with VM using DPDK 1906525 - CVE-2020-29661 kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free 1908827 - CVE-2021-20265 kernel: increase slab leak leads to DoS 1916589 - watchdog: use nmi registers snapshot in hardlockup handler 1919893 - CVE-2020-0427 kernel: out-of-bounds reads in pinctrl subsystem. 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-1160.21.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-1160.21.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-1160.21.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm ppc64: bpftool-3.10.0-1160.21.1.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-3.10.0-1160.21.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.21.1.el7.ppc64.rpm kernel-devel-3.10.0-1160.21.1.el7.ppc64.rpm kernel-headers-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.ppc64.rpm perf-3.10.0-1160.21.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm python-perf-3.10.0-1160.21.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1160.21.1.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-devel-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-headers-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.ppc64le.rpm perf-3.10.0-1160.21.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm python-perf-3.10.0-1160.21.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm s390x: bpftool-3.10.0-1160.21.1.el7.s390x.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-3.10.0-1160.21.1.el7.s390x.rpm kernel-debug-3.10.0-1160.21.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.s390x.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1160.21.1.el7.s390x.rpm kernel-devel-3.10.0-1160.21.1.el7.s390x.rpm kernel-headers-3.10.0-1160.21.1.el7.s390x.rpm kernel-kdump-3.10.0-1160.21.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-1160.21.1.el7.s390x.rpm perf-3.10.0-1160.21.1.el7.s390x.rpm perf-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm python-perf-3.10.0-1160.21.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm ppc64le: bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-1160.21.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-19532 https://access.redhat.com/security/cve/CVE-2020-0427 https://access.redhat.com/security/cve/CVE-2020-7053 https://access.redhat.com/security/cve/CVE-2020-14351 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25645 https://access.redhat.com/security/cve/CVE-2020-25656 https://access.redhat.com/security/cve/CVE-2020-25705 https://access.redhat.com/security/cve/CVE-2020-28374 https://access.redhat.com/security/cve/CVE-2020-29661 https://access.redhat.com/security/cve/CVE-2021-20265 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYFC579zjgjWX9erEAQirxQ/9FKZDGdDIPfGpiOwbkmMoqySgNxALO02Q mSTFgrFP/TM4sHCZxPhyuL1rbgPTVnrPKE8M/fTA2EzRQiMZud+vSy4Dvf/WwBXQ 1dStOQIJNmVohUXCRed043xJtfZxyLtteFoxhVjlVU2Eia1+f7d9t42vWQAXhtVB SuEDmitq+9dvv9S48bDJkZtSUkBvZTY9zCtjx6neqypg0j4KKwrYgr+Ui+VF3yJk xRtkw5SVhRiSFv8lBGKSkbIX9AqaoTi25HQPZ1rxB43Rjw0dxNZzlwC5LAs4LQUD mCRHZQcDaKCWmDC+bCy3g5sfETvblJfKiBF61mEOo0nTnPwyOalEciwG0bBcyrnu Bupt4OsM71s/KSK5IUA0jv6vVUy4fLL/5IfAz63XAdZD/ZMQq+hlPiB0e+8QmNDP o7rKWut+BEgqHrgtur7SNPzUIWCj7OVIZUO+7+dEMLKkIUlRQJKYudm3JUbF1M/c 9pc6DyR2pxjvbW+0pIAln+nawSt3OvCIEnwCewJuX0R/Pie09hRp/sh2xfItDcHj mYcpCz75VnMeV4tMm2JXn9HXQOqkAx/LPYtBh8ZNui6G+O3NRyTSOv4ouiT12e5r UfBBYb2KtK6VViAy83150q+qkws8nPykpeRkBukYZELtGQjpiMBwlaVTq809GShi 65tXPtffy4k= =OXZI -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce