=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: devtoolset-10-gcc security update
Advisory ID:       RHSA-2021:4039-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4039
Issue date:        2021-11-01
CVE Names:         CVE-2021-42574
=====================================================================

1. Summary:

An update for devtoolset-10-gcc is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The GNU Compiler Collection (GCC) is a portable compiler suite with support
for various programming languages, including C, C++, and Fortran. The
devtoolset-10-gcc packages provide the Red Hat Developer Toolset 10 version
of GCC, as well as related libraries.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters
can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate
detection of BiDi Unicode characters:

This gcc update implements -Wbidirectional=[none|unpaired|any] to warn
about possibly dangerous bidirectional characters.

There are three levels of warning supported by GCC:

"-Wbidirectional=unpaired", which warns about improperly terminated bidi
contexts. (This is the default)
"-Wbidirectional=none", turns the warning off.
"-Wbidirectional=any" warns about any use of bidirectional characters.

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
devtoolset-10-gcc-10.2.1-11.2.el7.src.rpm

ppc64:
devtoolset-10-gcc-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-gcc-c++-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-gcc-debuginfo-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-gcc-gdb-plugin-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-gcc-gfortran-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-gcc-plugin-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libasan-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libatomic-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libgccjit-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libgccjit-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libgccjit-docs-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libitm-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-liblsan-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libquadmath-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libstdc++-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libstdc++-docs-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libtsan-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libubsan-devel-10.2.1-11.2.el7.ppc64.rpm
libasan6-10.2.1-11.2.el7.ppc64.rpm
liblsan-10.2.1-11.2.el7.ppc64.rpm
libtsan-10.2.1-11.2.el7.ppc64.rpm
libubsan1-10.2.1-11.2.el7.ppc64.rpm

ppc64le:
devtoolset-10-gcc-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-gcc-c++-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-gcc-debuginfo-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-gcc-gdb-plugin-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-gcc-gfortran-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-gcc-plugin-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libasan-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libatomic-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libgccjit-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libgccjit-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libgccjit-docs-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libitm-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-liblsan-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libquadmath-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libstdc++-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libstdc++-docs-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libtsan-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libubsan-devel-10.2.1-11.2.el7.ppc64le.rpm
libasan6-10.2.1-11.2.el7.ppc64le.rpm
liblsan-10.2.1-11.2.el7.ppc64le.rpm
libtsan-10.2.1-11.2.el7.ppc64le.rpm
libubsan1-10.2.1-11.2.el7.ppc64le.rpm

s390x:
devtoolset-10-gcc-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-gcc-c++-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-gcc-debuginfo-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-gcc-gdb-plugin-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-gcc-gfortran-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-gcc-plugin-devel-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libasan-devel-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libatomic-devel-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libgccjit-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libgccjit-devel-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libgccjit-docs-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libitm-devel-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libstdc++-devel-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libstdc++-docs-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libubsan-devel-10.2.1-11.2.el7.s390x.rpm
libasan6-10.2.1-11.2.el7.s390x.rpm
libubsan1-10.2.1-11.2.el7.s390x.rpm

x86_64:
devtoolset-10-gcc-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-gcc-c++-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-gcc-debuginfo-10.2.1-11.2.el7.i686.rpm
devtoolset-10-gcc-debuginfo-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-gcc-gdb-plugin-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-gcc-gfortran-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-gcc-plugin-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libasan-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libasan-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libatomic-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libatomic-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libgccjit-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libgccjit-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libgccjit-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libgccjit-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libgccjit-docs-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libitm-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libitm-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-liblsan-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libquadmath-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libquadmath-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libstdc++-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libstdc++-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libstdc++-docs-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libtsan-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libubsan-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libubsan-devel-10.2.1-11.2.el7.x86_64.rpm
libasan6-10.2.1-11.2.el7.i686.rpm
libasan6-10.2.1-11.2.el7.x86_64.rpm
liblsan-10.2.1-11.2.el7.x86_64.rpm
libtsan-10.2.1-11.2.el7.x86_64.rpm
libubsan1-10.2.1-11.2.el7.i686.rpm
libubsan1-10.2.1-11.2.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
devtoolset-10-gcc-10.2.1-11.2.el7.src.rpm

ppc64:
devtoolset-10-gcc-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-gcc-c++-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-gcc-debuginfo-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-gcc-gdb-plugin-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-gcc-gfortran-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-gcc-plugin-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libasan-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libatomic-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libgccjit-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libgccjit-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libgccjit-docs-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libitm-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-liblsan-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libquadmath-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libstdc++-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libstdc++-docs-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libtsan-devel-10.2.1-11.2.el7.ppc64.rpm
devtoolset-10-libubsan-devel-10.2.1-11.2.el7.ppc64.rpm
libasan6-10.2.1-11.2.el7.ppc64.rpm
liblsan-10.2.1-11.2.el7.ppc64.rpm
libtsan-10.2.1-11.2.el7.ppc64.rpm
libubsan1-10.2.1-11.2.el7.ppc64.rpm

ppc64le:
devtoolset-10-gcc-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-gcc-c++-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-gcc-debuginfo-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-gcc-gdb-plugin-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-gcc-gfortran-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-gcc-plugin-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libasan-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libatomic-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libgccjit-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libgccjit-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libgccjit-docs-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libitm-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-liblsan-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libquadmath-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libstdc++-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libstdc++-docs-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libtsan-devel-10.2.1-11.2.el7.ppc64le.rpm
devtoolset-10-libubsan-devel-10.2.1-11.2.el7.ppc64le.rpm
libasan6-10.2.1-11.2.el7.ppc64le.rpm
liblsan-10.2.1-11.2.el7.ppc64le.rpm
libtsan-10.2.1-11.2.el7.ppc64le.rpm
libubsan1-10.2.1-11.2.el7.ppc64le.rpm

s390x:
devtoolset-10-gcc-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-gcc-c++-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-gcc-debuginfo-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-gcc-gdb-plugin-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-gcc-gfortran-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-gcc-plugin-devel-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libasan-devel-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libatomic-devel-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libgccjit-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libgccjit-devel-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libgccjit-docs-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libitm-devel-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libstdc++-devel-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libstdc++-docs-10.2.1-11.2.el7.s390x.rpm
devtoolset-10-libubsan-devel-10.2.1-11.2.el7.s390x.rpm
libasan6-10.2.1-11.2.el7.s390x.rpm
libubsan1-10.2.1-11.2.el7.s390x.rpm

x86_64:
devtoolset-10-gcc-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-gcc-c++-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-gcc-debuginfo-10.2.1-11.2.el7.i686.rpm
devtoolset-10-gcc-debuginfo-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-gcc-gdb-plugin-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-gcc-gfortran-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-gcc-plugin-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libasan-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libasan-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libatomic-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libatomic-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libgccjit-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libgccjit-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libgccjit-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libgccjit-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libgccjit-docs-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libitm-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libitm-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-liblsan-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libquadmath-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libquadmath-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libstdc++-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libstdc++-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libstdc++-docs-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libtsan-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libubsan-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libubsan-devel-10.2.1-11.2.el7.x86_64.rpm
libasan6-10.2.1-11.2.el7.i686.rpm
libasan6-10.2.1-11.2.el7.x86_64.rpm
liblsan-10.2.1-11.2.el7.x86_64.rpm
libtsan-10.2.1-11.2.el7.x86_64.rpm
libubsan1-10.2.1-11.2.el7.i686.rpm
libubsan1-10.2.1-11.2.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
devtoolset-10-gcc-10.2.1-11.2.el7.src.rpm

x86_64:
devtoolset-10-gcc-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-gcc-c++-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-gcc-debuginfo-10.2.1-11.2.el7.i686.rpm
devtoolset-10-gcc-debuginfo-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-gcc-gdb-plugin-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-gcc-gfortran-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-gcc-plugin-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libasan-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libasan-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libatomic-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libatomic-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libgccjit-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libgccjit-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libgccjit-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libgccjit-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libgccjit-docs-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libitm-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libitm-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-liblsan-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libquadmath-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libquadmath-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libstdc++-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libstdc++-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libstdc++-docs-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libtsan-devel-10.2.1-11.2.el7.x86_64.rpm
devtoolset-10-libubsan-devel-10.2.1-11.2.el7.i686.rpm
devtoolset-10-libubsan-devel-10.2.1-11.2.el7.x86_64.rpm
libasan6-10.2.1-11.2.el7.i686.rpm
libasan6-10.2.1-11.2.el7.x86_64.rpm
liblsan-10.2.1-11.2.el7.x86_64.rpm
libtsan-10.2.1-11.2.el7.x86_64.rpm
libubsan1-10.2.1-11.2.el7.i686.rpm
libubsan1-10.2.1-11.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-007

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
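
The three warning levels listed in section 3, shown as an added Python example that is not part of the advisory and is not GCC's implementation: a pre-commit style scanner that reports what "unpaired" and "any" would be concerned with. Assumptions: the function name scan is hypothetical, the character set is the explicit embedding, override and isolate controls of Unicode UAX #9, and a bidi context counts as unterminated if it is still open at the end of its line, whereas the compiler works on comments, strings and identifiers.

```python
import unicodedata

# Explicit bidi formatting characters (Unicode UAX #9) and the closer each needs.
OPENERS = {"\u202a": "PDF", "\u202b": "PDF", "\u202d": "PDF", "\u202e": "PDF",
           "\u2066": "PDI", "\u2067": "PDI", "\u2068": "PDI"}
CLOSERS = {"\u202c": "PDF", "\u2069": "PDI"}


def scan(source, level="unpaired"):
    """Return (line, column, message) findings for level none|unpaired|any."""
    if level not in ("none", "unpaired", "any"):
        raise ValueError("level must be none, unpaired or any")
    findings = []
    if level == "none":
        return findings
    for line_no, line in enumerate(source.splitlines(), start=1):
        stack = []  # contexts still open on this line: (closer, column, char)
        for col, ch in enumerate(line, start=1):
            if ch in OPENERS:
                stack.append((OPENERS[ch], col, ch))
            elif ch not in CLOSERS:
                continue
            elif CLOSERS[ch] == "PDF":
                # PDF closes only an embedding/override on top of the stack.
                if stack and stack[-1][0] == "PDF":
                    stack.pop()
            else:
                # PDI closes the nearest isolate and everything opened inside it.
                for i in range(len(stack) - 1, -1, -1):
                    if stack[i][0] == "PDI":
                        del stack[i:]
                        break
            if level == "any":
                findings.append((line_no, col, "bidi character " + unicodedata.name(ch)))
        if level == "unpaired":
            findings += [(line_no, col, "unterminated " + unicodedata.name(ch))
                         for _, col, ch in stack]
    return findings


# Constructed sample input; escapes keep this file free of raw bidi characters.
SAMPLE = (
    'int ok = 1; /* plain ASCII */\n'
    'const char *s = "\u2067abc\u2069"; /* RLI closed by PDI */\n'
    '/* \u202e unterminated override */ int x;\n'
)
```

On the constructed sample, "unpaired" reports only the override left open on line 3, while "any" also reports the properly paired isolate on line 2.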