Bug 2162336 (CVE-2022-46871)

Summary: CVE-2022-46871 Mozilla: libusrsctp library out of date
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: erack, jhorak, nobody, stransky, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 102.7, thunderbird 102.7 Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-01-29 04:22:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2158855, 2158856, 2158857, 2158858, 2158859, 2158860, 2158861, 2158862, 2158863, 2158864, 2158865, 2158866, 2158867, 2158868, 2158872, 2158873, 2158874, 2158875, 2158876, 2158877, 2158878, 2158879, 2158880, 2158881, 2158883    
Bug Blocks: 2158844    

Description Dhananjay Arunesh 2023-01-19 11:35:13 UTC 
An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2022-46871
Comment 1 errata-xmlrpc 2023-01-23 09:18:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0285 https://access.redhat.com/errata/RHSA-2023:0285
Comment 2 errata-xmlrpc 2023-01-23 09:18:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0286 https://access.redhat.com/errata/RHSA-2023:0286
Comment 3 errata-xmlrpc 2023-01-23 09:19:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0288 https://access.redhat.com/errata/RHSA-2023:0288
Comment 4 errata-xmlrpc 2023-01-23 09:20:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0290 https://access.redhat.com/errata/RHSA-2023:0290
Comment 5 errata-xmlrpc 2023-01-23 09:20:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0289 https://access.redhat.com/errata/RHSA-2023:0289
Comment 6 errata-xmlrpc 2023-01-23 09:21:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0294 https://access.redhat.com/errata/RHSA-2023:0294
Comment 7 errata-xmlrpc 2023-01-23 09:22:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0295 https://access.redhat.com/errata/RHSA-2023:0295
Comment 8 errata-xmlrpc 2023-01-23 09:22:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0296 https://access.redhat.com/errata/RHSA-2023:0296
Comment 9 errata-xmlrpc 2023-01-25 15:15:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0457 https://access.redhat.com/errata/RHSA-2023:0457
Comment 10 errata-xmlrpc 2023-01-25 15:17:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0459 https://access.redhat.com/errata/RHSA-2023:0459
Comment 11 errata-xmlrpc 2023-01-25 15:24:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0461 https://access.redhat.com/errata/RHSA-2023:0461
Comment 12 errata-xmlrpc 2023-01-25 15:25:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0460 https://access.redhat.com/errata/RHSA-2023:0460
Comment 13 errata-xmlrpc 2023-01-25 15:25:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0456 https://access.redhat.com/errata/RHSA-2023:0456
Comment 14 errata-xmlrpc 2023-01-25 15:28:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0462 https://access.redhat.com/errata/RHSA-2023:0462
Comment 15 errata-xmlrpc 2023-01-25 15:29:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0463 https://access.redhat.com/errata/RHSA-2023:0463
Comment 16 errata-xmlrpc 2023-01-26 17:15:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0476 https://access.redhat.com/errata/RHSA-2023:0476
Comment 17 Product Security DevOps Team 2023-01-29 04:22:23 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-46871