Security patch release notes

Review the release notes for security patches for 2.0.x Cloud Pak for Data System.

Security patches are tied to the version of Red Hat Linux that is installed on Cloud Pak for Data System.

The patches for a specific Red Hat release are cumulative. For example, if your system is on 8.6, you only need to install the latest patch that applies to 8.6, there is no need to install all of them one by one.

Verify that which patch can be installed on your system. Do not apply the patch if the Red Hat Linux version on your system does not match.

For installation, see Applying security patches. Downtime is required when installing the security patch.

8.6.23.09.SP11

The release date of 8.6.23.09.SP11 security patch is 26 September 2023. The estimated run time is around 90 minutes.

The 8.6.23.09.SP11 patch is based on RHEL 8.6, and it can only be installed on Cloud Pak for Data System 2.0.2 versions.

Restriction: 8.6.23.09.SP11 cannot be applied over Cloud Pak for Data System 2.0.2.1 IF1.

Note:

During 8.6.23.09.SP11 security patch application, you might run into the following errors:

Error 1

apupgrade --use-version 8.2.22.08.SP1-20220810.193807-1-icpds-release --upgrade-directory /localrepo --upgrade --phase platform
Logging to: /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log

Unhandled error when attempting upgrade. Stack trace of failed command logged to /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log.tracelog
Unable to upgrade to a security patch with mismatched RHEL versions. 2.0.2.0-20220805081320b26605 does not support upgrade to 8.2.22.08.SP1-20220810.193807-1-icpds-release
<class 'Exception'>

This error occurs due to a mismatch in the RHEL versions.

Workaround

From e1n1, run the following commands to patch the code in the existing scripts:

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

Error 2

FATAL ERROR: McpUpgrader.preinstall : Openshift login timed out after waiting for 30 minutes. Please run following command manually and if successful resume upgrade, or contact IBM Support for help

This error happens after apupgrade starts the system, brings it to Ready state, and then runs the oc login command. When apupgrade terminates with a timeout, oc login seems to be working manually and after you restart the apupgrade, the same oc login command works.

Workaround

Wait for apupgrade to time out.

Run oc login command that is written in the log. For example:

oc login -u system:admin -n default https://api.localcluster.fbond:6443

Restart the upgrade.

The list of Red Hat CVEs which are expected to be patched in this release:

RHSA-2023:4101 Important/Sec. bind-export-libs-32:9.11.36-3.el8_6.4.x86_64
CVE-2023-2828  Important/Sec. bind-export-libs-32:9.11.36-3.el8_6.4.x86_64
classification Important/Sec. bind-export-libs-32:9.11.36-3.el8_6.4.x86_64
RHSA-2023:4413 Important/Sec. openssh-8.0p1-15.el8_6.x86_64
CVE-2023-38408 Important/Sec. openssh-8.0p1-15.el8_6.x86_64
classification Important/Sec. openssh-8.0p1-15.el8_6.x86_64
RHSA-2023:4413 Important/Sec. openssh-clients-8.0p1-15.el8_6.x86_64
CVE-2023-38408 Important/Sec. openssh-clients-8.0p1-15.el8_6.x86_64
classification Important/Sec. openssh-clients-8.0p1-15.el8_6.x86_64
RHSA-2023:4413 Important/Sec. openssh-server-8.0p1-15.el8_6.x86_64
CVE-2023-38408 Important/Sec. openssh-server-8.0p1-15.el8_6.x86_64
classification Important/Sec. openssh-server-8.0p1-15.el8_6.x86_64
RHSA-2023:4770 Important/Sec. cups-libs-1:2.2.6-45.el8_6.3.x86_64
CVE-2023-32360 Important/Sec. cups-libs-1:2.2.6-45.el8_6.3.x86_64
classification Important/Sec. cups-libs-1:2.2.6-45.el8_6.3.x86_64
CVE-2023-32360 - cups-2.2.6-51.el8_8.1.x86_64.rpm
CVE-2023-32360 - cups-client-2.2.6-51.el8_8.1.x86_64.rpm
CVE-2023-32360 - cups-filesystem-2.2.6-51.el8_8.1.noarch.rpm
CVE-2023-32360 - cups-ipptool-2.2.6-51.el8_8.1.x86_64.rpm
RHSA-2023:4705 Important/Sec. dnf-plugin-subscription-manager-1.28.29.1-2.el8_6.x86_64
CVE-2023-3899  Important/Sec. dnf-plugin-subscription-manager-1.28.29.1-2.el8_6.x86_64
classification Important/Sec. dnf-plugin-subscription-manager-1.28.29.1-2.el8_6.x86_64
RHSA-2023:4789 Important/Sec. kernel-4.18.0-372.70.1.el8_6.x86_64
CVE-2021-33656 Important/Sec. kernel-4.18.0-372.70.1.el8_6.x86_64
CVE-2022-42896 Important/Sec. kernel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1637  Important/Sec. kernel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1829  Important/Sec. kernel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2002  Important/Sec. kernel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2124  Important/Sec. kernel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-3390  Important/Sec. kernel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-20593 Important/Sec. kernel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-28466 Important/Sec. kernel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-35788 Important/Sec. kernel-4.18.0-372.70.1.el8_6.x86_64
classification Important/Sec. kernel-4.18.0-372.70.1.el8_6.x86_64
RHSA-2023:4789 Important/Sec. kernel-core-4.18.0-372.70.1.el8_6.x86_64
CVE-2021-33656 Important/Sec. kernel-core-4.18.0-372.70.1.el8_6.x86_64
CVE-2022-42896 Important/Sec. kernel-core-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1637  Important/Sec. kernel-core-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1829  Important/Sec. kernel-core-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2002  Important/Sec. kernel-core-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2124  Important/Sec. kernel-core-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-3390  Important/Sec. kernel-core-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-20593 Important/Sec. kernel-core-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-28466 Important/Sec. kernel-core-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-35788 Important/Sec. kernel-core-4.18.0-372.70.1.el8_6.x86_64
classification Important/Sec. kernel-core-4.18.0-372.70.1.el8_6.x86_64
RHSA-2023:4789 Important/Sec. kernel-debuginfo-4.18.0-372.70.1.el8_6.x86_64
CVE-2021-33656 Important/Sec. kernel-debuginfo-4.18.0-372.70.1.el8_6.x86_64
CVE-2022-42896 Important/Sec. kernel-debuginfo-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1637  Important/Sec. kernel-debuginfo-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1829  Important/Sec. kernel-debuginfo-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2002  Important/Sec. kernel-debuginfo-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2124  Important/Sec. kernel-debuginfo-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-3390  Important/Sec. kernel-debuginfo-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-20593 Important/Sec. kernel-debuginfo-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-28466 Important/Sec. kernel-debuginfo-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-35788 Important/Sec. kernel-debuginfo-4.18.0-372.70.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-4.18.0-372.70.1.el8_6.x86_64
RHSA-2023:4789 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.70.1.el8_6.x86_64
CVE-2021-33656 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.70.1.el8_6.x86_64
CVE-2022-42896 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1637  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1829  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2002  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2124  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-3390  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-20593 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-28466 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-35788 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.70.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.70.1.el8_6.x86_64
RHSA-2023:4789 Important/Sec. kernel-devel-4.18.0-372.70.1.el8_6.x86_64
CVE-2021-33656 Important/Sec. kernel-devel-4.18.0-372.70.1.el8_6.x86_64
CVE-2022-42896 Important/Sec. kernel-devel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1637  Important/Sec. kernel-devel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1829  Important/Sec. kernel-devel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2002  Important/Sec. kernel-devel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2124  Important/Sec. kernel-devel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-3390  Important/Sec. kernel-devel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-20593 Important/Sec. kernel-devel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-28466 Important/Sec. kernel-devel-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-35788 Important/Sec. kernel-devel-4.18.0-372.70.1.el8_6.x86_64
classification Important/Sec. kernel-devel-4.18.0-372.70.1.el8_6.x86_64
RHSA-2023:4789 Important/Sec. kernel-headers-4.18.0-372.70.1.el8_6.x86_64
CVE-2021-33656 Important/Sec. kernel-headers-4.18.0-372.70.1.el8_6.x86_64
CVE-2022-42896 Important/Sec. kernel-headers-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1637  Important/Sec. kernel-headers-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1829  Important/Sec. kernel-headers-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2002  Important/Sec. kernel-headers-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2124  Important/Sec. kernel-headers-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-3390  Important/Sec. kernel-headers-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-20593 Important/Sec. kernel-headers-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-28466 Important/Sec. kernel-headers-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-35788 Important/Sec. kernel-headers-4.18.0-372.70.1.el8_6.x86_64
classification Important/Sec. kernel-headers-4.18.0-372.70.1.el8_6.x86_64
RHSA-2023:4789 Important/Sec. kernel-modules-4.18.0-372.70.1.el8_6.x86_64
CVE-2021-33656 Important/Sec. kernel-modules-4.18.0-372.70.1.el8_6.x86_64
CVE-2022-42896 Important/Sec. kernel-modules-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1637  Important/Sec. kernel-modules-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1829  Important/Sec. kernel-modules-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2002  Important/Sec. kernel-modules-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2124  Important/Sec. kernel-modules-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-3390  Important/Sec. kernel-modules-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-20593 Important/Sec. kernel-modules-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-28466 Important/Sec. kernel-modules-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-35788 Important/Sec. kernel-modules-4.18.0-372.70.1.el8_6.x86_64
classification Important/Sec. kernel-modules-4.18.0-372.70.1.el8_6.x86_64   
RHSA-2023:4789 Important/Sec. kernel-modules-extra-4.18.0-372.70.1.el8_6.x86_64
CVE-2021-33656 Important/Sec. kernel-modules-extra-4.18.0-372.70.1.el8_6.x86_64
CVE-2022-42896 Important/Sec. kernel-modules-extra-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1637  Important/Sec. kernel-modules-extra-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1829  Important/Sec. kernel-modules-extra-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2002  Important/Sec. kernel-modules-extra-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2124  Important/Sec. kernel-modules-extra-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-3390  Important/Sec. kernel-modules-extra-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-20593 Important/Sec. kernel-modules-extra-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-28466 Important/Sec. kernel-modules-extra-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-35788 Important/Sec. kernel-modules-extra-4.18.0-372.70.1.el8_6.x86_64
classification Important/Sec. kernel-modules-extra-4.18.0-372.70.1.el8_6.x86_64
RHSA-2023:4789 Important/Sec. kernel-tools-4.18.0-372.70.1.el8_6.x86_64
CVE-2021-33656 Important/Sec. kernel-tools-4.18.0-372.70.1.el8_6.x86_64
CVE-2022-42896 Important/Sec. kernel-tools-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1637  Important/Sec. kernel-tools-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1829  Important/Sec. kernel-tools-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2002  Important/Sec. kernel-tools-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2124  Important/Sec. kernel-tools-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-3390  Important/Sec. kernel-tools-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-20593 Important/Sec. kernel-tools-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-28466 Important/Sec. kernel-tools-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-35788 Important/Sec. kernel-tools-4.18.0-372.70.1.el8_6.x86_64
classification Important/Sec. kernel-tools-4.18.0-372.70.1.el8_6.x86_64
RHSA-2023:4789 Important/Sec. kernel-tools-libs-4.18.0-372.70.1.el8_6.x86_64
CVE-2021-33656 Important/Sec. kernel-tools-libs-4.18.0-372.70.1.el8_6.x86_64
CVE-2022-42896 Important/Sec. kernel-tools-libs-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1637  Important/Sec. kernel-tools-libs-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1829  Important/Sec. kernel-tools-libs-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2002  Important/Sec. kernel-tools-libs-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2124  Important/Sec. kernel-tools-libs-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-3390  Important/Sec. kernel-tools-libs-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-20593 Important/Sec. kernel-tools-libs-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-28466 Important/Sec. kernel-tools-libs-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-35788 Important/Sec. kernel-tools-libs-4.18.0-372.70.1.el8_6.x86_64
classification Important/Sec. kernel-tools-libs-4.18.0-372.70.1.el8_6.x86_64
RHSA-2023:4767 Moderate/Sec.  libxml2-2.9.7-13.el8_6.2.x86_64
CVE-2016-3709  Moderate/Sec.  libxml2-2.9.7-13.el8_6.2.x86_64
classification Moderate/Sec.  libxml2-2.9.7-13.el8_6.2.x86_64
RHSA-2023:4789 Important/Sec. perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2021-33656 Important/Sec. perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2022-42896 Important/Sec. perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1637  Important/Sec. perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1829  Important/Sec. perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2002  Important/Sec. perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2124  Important/Sec. perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-3390  Important/Sec. perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-20593 Important/Sec. perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-28466 Important/Sec. perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-35788 Important/Sec. perf-4.18.0-372.70.1.el8_6.x86_64
classification Important/Sec. perf-4.18.0-372.70.1.el8_6.x86_64
RHSA-2023:4705 Important/Sec. python3-cloud-what-1.28.29.1-2.el8_6.x86_64
CVE-2023-3899  Important/Sec. python3-cloud-what-1.28.29.1-2.el8_6.x86_64
classification Important/Sec. python3-cloud-what-1.28.29.1-2.el8_6.x86_64
RHSA-2023:4767 Moderate/Sec.  python3-libxml2-2.9.7-13.el8_6.2.x86_64
CVE-2016-3709  Moderate/Sec.  python3-libxml2-2.9.7-13.el8_6.2.x86_64
classification Moderate/Sec.  python3-libxml2-2.9.7-13.el8_6.2.x86_64
RHSA-2023:4789 Important/Sec. python3-perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2021-33656 Important/Sec. python3-perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2022-42896 Important/Sec. python3-perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1637  Important/Sec. python3-perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-1829  Important/Sec. python3-perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2002  Important/Sec. python3-perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-2124  Important/Sec. python3-perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-3390  Important/Sec. python3-perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-20593 Important/Sec. python3-perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-28466 Important/Sec. python3-perf-4.18.0-372.70.1.el8_6.x86_64
CVE-2023-35788 Important/Sec. python3-perf-4.18.0-372.70.1.el8_6.x86_64
classification Important/Sec. python3-perf-4.18.0-372.70.1.el8_6.x86_64
RHSA-2023:4705 Important/Sec. python3-subscription-manager-rhsm-1.28.29.1-2.el8_6.x86_64
CVE-2023-3899  Important/Sec. python3-subscription-manager-rhsm-1.28.29.1-2.el8_6.x86_64
classification Important/Sec. python3-subscription-manager-rhsm-1.28.29.1-2.el8_6.x86_64
RHSA-2023:4705 Important/Sec. python3-syspurpose-1.28.29.1-2.el8_6.x86_64
CVE-2023-3899  Important/Sec. python3-syspurpose-1.28.29.1-2.el8_6.x86_64
classification Important/Sec. python3-syspurpose-1.28.29.1-2.el8_6.x86_64
RHSA-2023:4705 Important/Sec. rhsm-icons-1.28.29.1-2.el8_6.noarch
CVE-2023-3899  Important/Sec. rhsm-icons-1.28.29.1-2.el8_6.noarch
classification Important/Sec. rhsm-icons-1.28.29.1-2.el8_6.noarch
RHSA-2023:4705 Important/Sec. subscription-manager-1.28.29.1-2.el8_6.x86_64
CVE-2023-3899  Important/Sec. subscription-manager-1.28.29.1-2.el8_6.x86_64
classification Important/Sec. subscription-manager-1.28.29.1-2.el8_6.x86_64
RHSA-2023:4705 Important/Sec. subscription-manager-cockpit-1.28.29.1-2.el8_6.noarch
CVE-2023-3899  Important/Sec. subscription-manager-cockpit-1.28.29.1-2.el8_6.noarch
classification Important/Sec. subscription-manager-cockpit-1.28.29.1-2.el8_6.noarch
RHSA-2023:4705 Important/Sec. subscription-manager-rhsm-certificates-1.28.29.1-2.el8_6.x86_64
CVE-2023-3899  Important/Sec. subscription-manager-rhsm-certificates-1.28.29.1-2.el8_6.x86_64
classification Important/Sec. subscription-manager-rhsm-certificates-1.28.29.1-2.el8_6.x86_64

8.6.23.07.SP10

The release date of 8.6.23.07.SP10 security patch is 14 August 2023. The estimated run time is around 80 minutes.

The 8.6.23.07.SP10 patch is based on RHEL 8.6, and it can only be installed on Cloud Pak for Data System 2.0.2 versions.

Note:

During 8.6.23.07.SP10 security patch application, you might run into the following errors:

Error 1

apupgrade --use-version 8.2.22.08.SP1-20220810.193807-1-icpds-release --upgrade-directory /localrepo --upgrade --phase platform
Logging to: /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log

Unhandled error when attempting upgrade. Stack trace of failed command logged to /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log.tracelog
Unable to upgrade to a security patch with mismatched RHEL versions. 2.0.2.0-20220805081320b26605 does not support upgrade to 8.2.22.08.SP1-20220810.193807-1-icpds-release
<class 'Exception'>

This error occurs due to a mismatch in the RHEL versions.

Workaround

From e1n1, run the following commands to patch the code in the existing scripts:

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

Error 2

FATAL ERROR: McpUpgrader.preinstall : Openshift login timed out after waiting for 30 minutes. Please run following command manually and if successful resume upgrade, or contact IBM Support for help

Workaround

Wait for apupgrade to time out.

Run oc login command that is written in the log. For example:

oc login -u system:admin -n default https://api.localcluster.fbond:6443

Restart the upgrade.

Error 3

If you try to upgrade to 2.0.2.1 after applying the security patch 8.6.23.07.SP10, the upgrade might fail with the following error:

1. McpUpgrader.install
        Upgrade Detail: Component install for mcp
        Caller Info:The call was made from 'McpInstaller.install' on line 54 with file located at '/localrepo/2.0.2.1/EXTRACT/platform/upgrade/bundle_upgraders/../mcp/mcp_installer.py'
        Message: mcp:AbstractUpgrader.installer:Failed to execute mcp update

Workaround

Run the following command to extract RPMs:

cd /localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos && rpm2cpio master*.rpm | cpio -idm && rpm2cpio master*.rpm | cpio -t

Copy node-os*.rpm from the 2.0.2.1 bundle to /tmp on all control nodes.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'scp e1n1:/localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos/install/master-node-xcat-bundle/node-os-2.0.2.0.noarch.rpm /tmp/'; done

Install the copied node-os*.rpm.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'rpm -Uvh --force /tmp/node-os-2.0.2.0.noarch.rpm'; done

Rerun the same apupgrade command that failed:

apupgrade --upgrade --upgrade-directory /localrepo --phase platform --use-version <your-2.0.2.1-upgrade-dir>

The list of Red Hat CVEs which are patched in this release:

RHSA-2023:3796 Important/Sec. platform-python-3.6.8-47.el8_6.1.x86_64
CVE-2023-24329 Important/Sec. platform-python-3.6.8-47.el8_6.1.x86_64
classification Important/Sec. platform-python-3.6.8-47.el8_6.1.x86_64
RHSA-2023:3796 Important/Sec. python3-libs-3.6.8-47.el8_6.1.x86_64
CVE-2023-24329 Important/Sec. python3-libs-3.6.8-47.el8_6.1.x86_64
classification Important/Sec. python3-libs-3.6.8-47.el8_6.1.x86_64

8.6.23.06.SP9

The release date of 8.6.23.06.SP9 security patch is 18 July 2023. The estimated run time is around 90 minutes.

The 8.6.23.06.SP9 patch is based on RHEL 8.6, and it can only be installed on Cloud Pak for Data System 2.0.2 versions.

Note:

During 8.6.23.06.SP9 security patch application, you might run into the following errors:

Error 1

apupgrade --use-version 8.2.22.08.SP1-20220810.193807-1-icpds-release --upgrade-directory /localrepo --upgrade --phase platform
Logging to: /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log

Unhandled error when attempting upgrade. Stack trace of failed command logged to /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log.tracelog
Unable to upgrade to a security patch with mismatched RHEL versions. 2.0.2.0-20220805081320b26605 does not support upgrade to 8.2.22.08.SP1-20220810.193807-1-icpds-release
<class 'Exception'>

This error occurs due to a mismatch in the RHEL versions.

Workaround

From e1n1, run the following commands to patch the code in the existing scripts:

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

Error 2

FATAL ERROR: McpUpgrader.preinstall : Openshift login timed out after waiting for 30 minutes. Please run following command manually and if successful resume upgrade, or contact IBM Support for help

Workaround

Wait for apupgrade to time out.

Run oc login command that is written in the log. For example:

oc login -u system:admin -n default https://api.localcluster.fbond:6443

Restart the upgrade.

Error 3

If you try to upgrade to 2.0.2.1 after applying the security patch 8.6.23.06.SP9, the upgrade might fail with the following error:

1. McpUpgrader.install
        Upgrade Detail: Component install for mcp
        Caller Info:The call was made from 'McpInstaller.install' on line 54 with file located at '/localrepo/2.0.2.1/EXTRACT/platform/upgrade/bundle_upgraders/../mcp/mcp_installer.py'
        Message: mcp:AbstractUpgrader.installer:Failed to execute mcp update

Workaround

Run the following command to extract RPMs:

cd /localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos && rpm2cpio master*.rpm | cpio -idm && rpm2cpio master*.rpm | cpio -t

Copy node-os*.rpm from the 2.0.2.1 bundle to /tmp on all control nodes.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'scp e1n1:/localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos/install/master-node-xcat-bundle/node-os-2.0.2.0.noarch.rpm /tmp/'; done

Install the copied node-os*.rpm.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'rpm -Uvh --force /tmp/node-os-2.0.2.0.noarch.rpm'; done

Rerun the same apupgrade command that failed:

apupgrade --upgrade --upgrade-directory /localrepo --phase platform --use-version <your-2.0.2.1-upgrade-dir>

The list of Red Hat CVEs that are patched in this release:

RHSA-2023:3662 Important/Sec. c-ares-1.13.0-6.el8_6.1.x86_64
CVE-2023-32067 Important/Sec. c-ares-1.13.0-6.el8_6.1.x86_64
classification Important/Sec. c-ares-1.13.0-6.el8_6.1.x86_64
RHSA-2023:3361 Moderate/Sec.  gnutls-3.6.16-5.el8_6.1.x86_64
CVE-2023-0361  Moderate/Sec.  gnutls-3.6.16-5.el8_6.1.x86_64
classification Moderate/Sec.  gnutls-3.6.16-5.el8_6.1.x86_64
RHSA-2023:3388 Important/Sec. kernel-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-3564  Important/Sec. kernel-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-4378  Important/Sec. kernel-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-39188 Important/Sec. kernel-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-42703 Important/Sec. kernel-4.18.0-372.57.1.el8_6.x86_64
classification Important/Sec. kernel-4.18.0-372.57.1.el8_6.x86_64
RHSA-2023:3388 Important/Sec. kernel-core-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-3564  Important/Sec. kernel-core-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-4378  Important/Sec. kernel-core-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-39188 Important/Sec. kernel-core-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-42703 Important/Sec. kernel-core-4.18.0-372.57.1.el8_6.x86_64
classification Important/Sec. kernel-core-4.18.0-372.57.1.el8_6.x86_64
RHSA-2023:3388 Important/Sec. kernel-debuginfo-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-3564  Important/Sec. kernel-debuginfo-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-4378  Important/Sec. kernel-debuginfo-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-39188 Important/Sec. kernel-debuginfo-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-42703 Important/Sec. kernel-debuginfo-4.18.0-372.57.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-4.18.0-372.57.1.el8_6.x86_64
RHSA-2023:3388 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-3564  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-4378  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-39188 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-42703 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.57.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.57.1.el8_6.x86_64
RHSA-2023:3388 Important/Sec. kernel-devel-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-3564  Important/Sec. kernel-devel-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-4378  Important/Sec. kernel-devel-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-39188 Important/Sec. kernel-devel-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-42703 Important/Sec. kernel-devel-4.18.0-372.57.1.el8_6.x86_64
classification Important/Sec. kernel-devel-4.18.0-372.57.1.el8_6.x86_64
RHSA-2023:3388 Important/Sec. kernel-headers-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-3564  Important/Sec. kernel-headers-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-4378  Important/Sec. kernel-headers-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-39188 Important/Sec. kernel-headers-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-42703 Important/Sec. kernel-headers-4.18.0-372.57.1.el8_6.x86_64
classification Important/Sec. kernel-headers-4.18.0-372.57.1.el8_6.x86_64
RHSA-2023:3388 Important/Sec. kernel-modules-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-3564  Important/Sec. kernel-modules-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-4378  Important/Sec. kernel-modules-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-39188 Important/Sec. kernel-modules-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-42703 Important/Sec. kernel-modules-4.18.0-372.57.1.el8_6.x86_64
classification Important/Sec. kernel-modules-4.18.0-372.57.1.el8_6.x86_64
RHSA-2023:3388 Important/Sec. kernel-modules-extra-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-3564  Important/Sec. kernel-modules-extra-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-4378  Important/Sec. kernel-modules-extra-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-39188 Important/Sec. kernel-modules-extra-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-42703 Important/Sec. kernel-modules-extra-4.18.0-372.57.1.el8_6.x86_64
classification Important/Sec. kernel-modules-extra-4.18.0-372.57.1.el8_6.x86_64
RHSA-2023:3388 Important/Sec. kernel-tools-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-3564  Important/Sec. kernel-tools-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-4378  Important/Sec. kernel-tools-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-39188 Important/Sec. kernel-tools-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-42703 Important/Sec. kernel-tools-4.18.0-372.57.1.el8_6.x86_64
classification Important/Sec. kernel-tools-4.18.0-372.57.1.el8_6.x86_64
RHSA-2023:3388 Important/Sec. kernel-tools-libs-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-3564  Important/Sec. kernel-tools-libs-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-4378  Important/Sec. kernel-tools-libs-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-39188 Important/Sec. kernel-tools-libs-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-42703 Important/Sec. kernel-tools-libs-4.18.0-372.57.1.el8_6.x86_64
classification Important/Sec. kernel-tools-libs-4.18.0-372.57.1.el8_6.x86_64
RHSA-2023:3408 Moderate/Sec.  openssl-1:1.1.1k-9.el8_6.x86_64
CVE-2022-4304  Moderate/Sec.  openssl-1:1.1.1k-9.el8_6.x86_64
CVE-2022-4450  Moderate/Sec.  openssl-1:1.1.1k-9.el8_6.x86_64
CVE-2023-0215  Moderate/Sec.  openssl-1:1.1.1k-9.el8_6.x86_64
classification Moderate/Sec.  openssl-1:1.1.1k-9.el8_6.x86_64
RHSA-2023:3408 Moderate/Sec.  openssl-devel-1:1.1.1k-9.el8_6.x86_64
CVE-2022-4304  Moderate/Sec.  openssl-devel-1:1.1.1k-9.el8_6.x86_64
CVE-2022-4450  Moderate/Sec.  openssl-devel-1:1.1.1k-9.el8_6.x86_64
CVE-2023-0215  Moderate/Sec.  openssl-devel-1:1.1.1k-9.el8_6.x86_64
classification Moderate/Sec.  openssl-devel-1:1.1.1k-9.el8_6.x86_64
RHSA-2023:3408 Moderate/Sec.  openssl-libs-1:1.1.1k-9.el8_6.x86_64
CVE-2022-4304  Moderate/Sec.  openssl-libs-1:1.1.1k-9.el8_6.x86_64
CVE-2022-4450  Moderate/Sec.  openssl-libs-1:1.1.1k-9.el8_6.x86_64
CVE-2023-0215  Moderate/Sec.  openssl-libs-1:1.1.1k-9.el8_6.x86_64
classification Moderate/Sec.  openssl-libs-1:1.1.1k-9.el8_6.x86_64
RHSA-2023:3388 Important/Sec. perf-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-3564  Important/Sec. perf-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-4378  Important/Sec. perf-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-39188 Important/Sec. perf-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-42703 Important/Sec. perf-4.18.0-372.57.1.el8_6.x86_64
classification Important/Sec. perf-4.18.0-372.57.1.el8_6.x86_64
RHSA-2023:3388 Important/Sec. python3-perf-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-3564  Important/Sec. python3-perf-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-4378  Important/Sec. python3-perf-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-39188 Important/Sec. python3-perf-4.18.0-372.57.1.el8_6.x86_64
CVE-2022-42703 Important/Sec. python3-perf-4.18.0-372.57.1.el8_6.x86_64
classification Important/Sec. python3-perf-4.18.0-372.57.1.el8_6.x86_64

8.6.23.05.SP8

The release date of 8.6.23.05.SP8 security patch is 31 May 2023. The estimated run time is around 80 minutes.

The 8.6.23.05.SP8 patch is based on RHEL 8.6, and it can only be installed on Cloud Pak for Data System 2.0.2 versions.

Note:

During 8.6.23.05.SP8 security patch application, you might run into the following errors:

apupgrade --use-version 8.2.22.08.SP1-20220810.193807-1-icpds-release --upgrade-directory /localrepo --upgrade --phase platform
Logging to: /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log

Unhandled error when attempting upgrade. Stack trace of failed command logged to /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log.tracelog
Unable to upgrade to a security patch with mismatched RHEL versions. 2.0.2.0-20220805081320b26605 does not support upgrade to 8.2.22.08.SP1-20220810.193807-1-icpds-release
<class 'Exception'>

due to a mismatch in the RHEL versions.

Workaround:

From e1n1, run the following commands to patch the code in the existing scripts:

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

```
FATAL ERROR: McpUpgrader.preinstall : Openshift login timed out after waiting for 30 minutes. Please run following command manually and if successful resume upgrade, or contact IBM Support for help
```
This error happens after apupgrade starts the system, brings it to Ready state and then runs the oc login command. When apupgrade terminates with a timeout, oc login seems to be working manually and after you restart the apupgrade, the same oc login command works.
Workaround:
1. Wait for apupgrade to time out.
2. Run oc login command, which is written in the log. For example:
```
oc login -u system:admin -n default https://api.localcluster.fbond:6443
```
3. Restart the upgrade.

If you try to upgrade to 2.0.2.1 after applying the security patch 8.6.23.05.SP8, the upgrade might fail with the following error:

1. McpUpgrader.install
        Upgrade Detail: Component install for mcp
        Caller Info:The call was made from 'McpInstaller.install' on line 54 with file located at '/localrepo/2.0.2.1/EXTRACT/platform/upgrade/bundle_upgraders/../mcp/mcp_installer.py'
        Message: mcp:AbstractUpgrader.installer:Failed to execute mcp update

Workaround:

Run the following command to extract RPMs:

cd /localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos && rpm2cpio master*.rpm | cpio -idm && rpm2cpio master*.rpm | cpio -t

Copy node-os*.rpm from the 2.0.2.1 bundle to /tmp on all control nodes.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'scp e1n1:/localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos/install/master-node-xcat-bundle/node-os-2.0.2.0.noarch.rpm /tmp/'; done

Install the copied node-os*.rpm.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'rpm -Uvh --force /tmp/node-os-2.0.2.0.noarch.rpm'; done

Rerun the same apupgrade command that failed:

apupgrade --upgrade --upgrade-directory /localrepo --phase platform --use-version <your-2.0.2.1-upgrade-dir>

The list of Red Hat CVEs which are patched in this release:

RHSA-2023:1842 Moderate/Sec.  curl-7.61.1-22.el8_6.6.x86_64
CVE-2023-23916 Moderate/Sec.  curl-7.61.1-22.el8_6.6.x86_64
classification Moderate/Sec.  curl-7.61.1-22.el8_6.6.x86_64
RHSA-2023:1931 Important/Sec. emacs-filesystem-1:26.1-7.el8_6.1.noarch
CVE-2023-28617 Important/Sec. emacs-filesystem-1:26.1-7.el8_6.1.noarch
classification Important/Sec. emacs-filesystem-1:26.1-7.el8_6.1.noarch
RHSA-2023:1841 Important/Sec. kernel-4.18.0-372.52.1.el8_6.x86_64
CVE-2023-0461  Important/Sec. kernel-4.18.0-372.52.1.el8_6.x86_64
classification Important/Sec. kernel-4.18.0-372.52.1.el8_6.x86_64
RHSA-2023:1841 Important/Sec. kernel-core-4.18.0-372.52.1.el8_6.x86_64
CVE-2023-0461  Important/Sec. kernel-core-4.18.0-372.52.1.el8_6.x86_64
classification Important/Sec. kernel-core-4.18.0-372.52.1.el8_6.x86_64
RHSA-2023:1841 Important/Sec. kernel-debuginfo-4.18.0-372.52.1.el8_6.x86_64
CVE-2023-0461  Important/Sec. kernel-debuginfo-4.18.0-372.52.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-4.18.0-372.52.1.el8_6.x86_64
RHSA-2023:1841 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.52.1.el8_6.x86_64
CVE-2023-0461  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.52.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.52.1.el8_6.x86_64
RHSA-2023:1841 Important/Sec. kernel-devel-4.18.0-372.52.1.el8_6.x86_64
CVE-2023-0461  Important/Sec. kernel-devel-4.18.0-372.52.1.el8_6.x86_64
classification Important/Sec. kernel-devel-4.18.0-372.52.1.el8_6.x86_64
RHSA-2023:1841 Important/Sec. kernel-headers-4.18.0-372.52.1.el8_6.x86_64
CVE-2023-0461  Important/Sec. kernel-headers-4.18.0-372.52.1.el8_6.x86_64
classification Important/Sec. kernel-headers-4.18.0-372.52.1.el8_6.x86_64
RHSA-2023:1841 Important/Sec. kernel-modules-4.18.0-372.52.1.el8_6.x86_64
CVE-2023-0461  Important/Sec. kernel-modules-4.18.0-372.52.1.el8_6.x86_64
classification Important/Sec. kernel-modules-4.18.0-372.52.1.el8_6.x86_64
RHSA-2023:1841 Important/Sec. kernel-modules-extra-4.18.0-372.52.1.el8_6.x86_64
CVE-2023-0461  Important/Sec. kernel-modules-extra-4.18.0-372.52.1.el8_6.x86_64
classification Important/Sec. kernel-modules-extra-4.18.0-372.52.1.el8_6.x86_64
RHSA-2023:1841 Important/Sec. kernel-tools-4.18.0-372.52.1.el8_6.x86_64
CVE-2023-0461  Important/Sec. kernel-tools-4.18.0-372.52.1.el8_6.x86_64
classification Important/Sec. kernel-tools-4.18.0-372.52.1.el8_6.x86_64
RHSA-2023:1841 Important/Sec. kernel-tools-libs-4.18.0-372.52.1.el8_6.x86_64
CVE-2023-0461  Important/Sec. kernel-tools-libs-4.18.0-372.52.1.el8_6.x86_64
classification Important/Sec. kernel-tools-libs-4.18.0-372.52.1.el8_6.x86_64
RHSA-2023:1842 Moderate/Sec.  libcurl-7.61.1-22.el8_6.6.x86_64
CVE-2023-23916 Moderate/Sec.  libcurl-7.61.1-22.el8_6.6.x86_64
classification Moderate/Sec.  libcurl-7.61.1-22.el8_6.6.x86_64
RHSA-2023:2136 Important/Sec. libsmbclient-4.15.5-12.el8_6.x86_64
CVE-2022-38023 Important/Sec. libsmbclient-4.15.5-12.el8_6.x86_64
classification Important/Sec. libsmbclient-4.15.5-12.el8_6.x86_64
RHSA-2023:2136 Important/Sec. libwbclient-4.15.5-12.el8_6.x86_64
CVE-2022-38023 Important/Sec. libwbclient-4.15.5-12.el8_6.x86_64
classification Important/Sec. libwbclient-4.15.5-12.el8_6.x86_64
RHSA-2023:1841 Important/Sec. perf-4.18.0-372.52.1.el8_6.x86_64
CVE-2023-0461  Important/Sec. perf-4.18.0-372.52.1.el8_6.x86_64
classification Important/Sec. perf-4.18.0-372.52.1.el8_6.x86_64
RHSA-2023:1841 Important/Sec. python3-perf-4.18.0-372.52.1.el8_6.x86_64
CVE-2023-0461  Important/Sec. python3-perf-4.18.0-372.52.1.el8_6.x86_64
classification Important/Sec. python3-perf-4.18.0-372.52.1.el8_6.x86_64
RHSA-2023:2136 Important/Sec. python3-samba-4.15.5-12.el8_6.x86_64
CVE-2022-38023 Important/Sec. python3-samba-4.15.5-12.el8_6.x86_64
classification Important/Sec. python3-samba-4.15.5-12.el8_6.x86_64
RHSA-2023:2136 Important/Sec. samba-4.15.5-12.el8_6.x86_64
CVE-2022-38023 Important/Sec. samba-4.15.5-12.el8_6.x86_64
classification Important/Sec. samba-4.15.5-12.el8_6.x86_64
RHSA-2023:2136 Important/Sec. samba-client-4.15.5-12.el8_6.x86_64
CVE-2022-38023 Important/Sec. samba-client-4.15.5-12.el8_6.x86_64
classification Important/Sec. samba-client-4.15.5-12.el8_6.x86_64
RHSA-2023:2136 Important/Sec. samba-client-libs-4.15.5-12.el8_6.x86_64
CVE-2022-38023 Important/Sec. samba-client-libs-4.15.5-12.el8_6.x86_64
classification Important/Sec. samba-client-libs-4.15.5-12.el8_6.x86_64
RHSA-2023:2136 Important/Sec. samba-common-4.15.5-12.el8_6.noarch
CVE-2022-38023 Important/Sec. samba-common-4.15.5-12.el8_6.noarch
classification Important/Sec. samba-common-4.15.5-12.el8_6.noarch
RHSA-2023:2136 Important/Sec. samba-common-libs-4.15.5-12.el8_6.x86_64
CVE-2022-38023 Important/Sec. samba-common-libs-4.15.5-12.el8_6.x86_64
classification Important/Sec. samba-common-libs-4.15.5-12.el8_6.x86_64
RHSA-2023:2136 Important/Sec. samba-common-tools-4.15.5-12.el8_6.x86_64
CVE-2022-38023 Important/Sec. samba-common-tools-4.15.5-12.el8_6.x86_64
classification Important/Sec. samba-common-tools-4.15.5-12.el8_6.x86_64
RHSA-2023:2136 Important/Sec. samba-libs-4.15.5-12.el8_6.x86_64
CVE-2022-38023 Important/Sec. samba-libs-4.15.5-12.el8_6.x86_64
classification Important/Sec. samba-libs-4.15.5-12.el8_6.x86_64
RHSA-2023:2136 Important/Sec. samba-winbind-4.15.5-12.el8_6.x86_64
CVE-2022-38023 Important/Sec. samba-winbind-4.15.5-12.el8_6.x86_64
classification Important/Sec. samba-winbind-4.15.5-12.el8_6.x86_64
RHSA-2023:2136 Important/Sec. samba-winbind-modules-4.15.5-12.el8_6.x86_64
CVE-2022-38023 Important/Sec. samba-winbind-modules-4.15.5-12.el8_6.x86_64
classification Important/Sec. samba-winbind-modules-4.15.5-12.el8_6.x86_64

8.6.23.04.SP7

The release date of 8.6.23.04.SP7 security patch is 27 April 2023. The estimated run time is around 80 minutes.

The 8.6.23.04.SP7 patch is based on RHEL 8.6, and it can only be installed on Cloud Pak for Data System 2.0.2 versions.

Note:

During 8.6.23.04.SP7 security patch application, you might run into the following errors:

apupgrade --use-version 8.2.22.08.SP1-20220810.193807-1-icpds-release --upgrade-directory /localrepo --upgrade --phase platform
Logging to: /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log

Unhandled error when attempting upgrade. Stack trace of failed command logged to /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log.tracelog
Unable to upgrade to a security patch with mismatched RHEL versions. 2.0.2.0-20220805081320b26605 does not support upgrade to 8.2.22.08.SP1-20220810.193807-1-icpds-release
<class 'Exception'>

due to a mismatch in the RHEL versions.

Workaround:

From e1n1, run the following commands to patch the code in the existing scripts:

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

```
FATAL ERROR: McpUpgrader.preinstall : Openshift login timed out after waiting for 30 minutes. Please run following command manually and if successful resume upgrade, or contact IBM Support for help
```
This error happens after apupgrade starts the system, brings it to Ready state and then runs the oc login command. When apupgrade terminates with a timeout, oc login seems to be working manually and after you restart the apupgrade, the same oc login command works.
Workaround:
1. Wait for apupgrade to time out.
2. Run oc login command which is written in the log. For example:
```
oc login -u system:admin -n default https://api.localcluster.fbond:6443
```
3. Restart the upgrade.

If you try to upgrade to 2.0.2.1 after applying the security patch 8.6.23.04.SP7, the upgrade might fail with the following error:

1. McpUpgrader.install
        Upgrade Detail: Component install for mcp
        Caller Info:The call was made from 'McpInstaller.install' on line 54 with file located at '/localrepo/2.0.2.1/EXTRACT/platform/upgrade/bundle_upgraders/../mcp/mcp_installer.py'
        Message: mcp:AbstractUpgrader.installer:Failed to execute mcp update

Workaround:

Run the following command to extract RPMs:

cd /localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos && rpm2cpio master*.rpm | cpio -idm && rpm2cpio master*.rpm | cpio -t

Copy node-os*.rpm from the 2.0.2.1 bundle to /tmp on all control nodes.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'scp e1n1:/localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos/install/master-node-xcat-bundle/node-os-2.0.2.0.noarch.rpm /tmp/'; done

Install the copied node-os*.rpm.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'rpm -Uvh --force /tmp/node-os-2.0.2.0.noarch.rpm'; done

Rerun the same apupgrade command that failed:

apupgrade --upgrade --upgrade-directory /localrepo --phase platform --use-version <your-2.0.2.1-upgrade-dir>

The list of Red Hat CVEs which are patched in this release:

RHSA-2023:1554 Important/Sec. kernel-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0266  Important/Sec. kernel-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0386  Important/Sec. kernel-4.18.0-372.51.1.el8_6.x86_64
classification Important/Sec. kernel-4.18.0-372.51.1.el8_6.x86_64
RHSA-2023:1554 Important/Sec. kernel-core-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0266  Important/Sec. kernel-core-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0386  Important/Sec. kernel-core-4.18.0-372.51.1.el8_6.x86_64
classification Important/Sec. kernel-core-4.18.0-372.51.1.el8_6.x86_64
RHSA-2023:1554 Important/Sec. kernel-debuginfo-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0266  Important/Sec. kernel-debuginfo-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0386  Important/Sec. kernel-debuginfo-4.18.0-372.51.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-4.18.0-372.51.1.el8_6.x86_64
RHSA-2023:1554 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0266  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0386  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.51.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.51.1.el8_6.x86_64
RHSA-2023:1554 Important/Sec. kernel-devel-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0266  Important/Sec. kernel-devel-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0386  Important/Sec. kernel-devel-4.18.0-372.51.1.el8_6.x86_64
classification Important/Sec. kernel-devel-4.18.0-372.51.1.el8_6.x86_64
RHSA-2023:1554 Important/Sec. kernel-headers-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0266  Important/Sec. kernel-headers-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0386  Important/Sec. kernel-headers-4.18.0-372.51.1.el8_6.x86_64
classification Important/Sec. kernel-headers-4.18.0-372.51.1.el8_6.x86_64
RHSA-2023:1554 Important/Sec. kernel-modules-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0266  Important/Sec. kernel-modules-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0386  Important/Sec. kernel-modules-4.18.0-372.51.1.el8_6.x86_64
classification Important/Sec. kernel-modules-4.18.0-372.51.1.el8_6.x86_64
RHSA-2023:1554 Important/Sec. kernel-modules-extra-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0266  Important/Sec. kernel-modules-extra-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0386  Important/Sec. kernel-modules-extra-4.18.0-372.51.1.el8_6.x86_64
classification Important/Sec. kernel-modules-extra-4.18.0-372.51.1.el8_6.x86_64
RHSA-2023:1554 Important/Sec. kernel-tools-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0266  Important/Sec. kernel-tools-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0386  Important/Sec. kernel-tools-4.18.0-372.51.1.el8_6.x86_64
classification Important/Sec. kernel-tools-4.18.0-372.51.1.el8_6.x86_64
RHSA-2023:1554 Important/Sec. kernel-tools-libs-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0266  Important/Sec. kernel-tools-libs-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0386  Important/Sec. kernel-tools-libs-4.18.0-372.51.1.el8_6.x86_64
classification Important/Sec. kernel-tools-libs-4.18.0-372.51.1.el8_6.x86_64
RHSA-2023:1441 Important/Sec. openssl-1:1.1.1k-8.el8_6.x86_64
CVE-2023-0286  Important/Sec. openssl-1:1.1.1k-8.el8_6.x86_64
classification Important/Sec. openssl-1:1.1.1k-8.el8_6.x86_64
RHSA-2023:1441 Important/Sec. openssl-devel-1:1.1.1k-8.el8_6.x86_64
CVE-2023-0286  Important/Sec. openssl-devel-1:1.1.1k-8.el8_6.x86_64
classification Important/Sec. openssl-devel-1:1.1.1k-8.el8_6.x86_64
RHSA-2023:1441 Important/Sec. openssl-libs-1:1.1.1k-8.el8_6.x86_64
CVE-2023-0286  Important/Sec. openssl-libs-1:1.1.1k-8.el8_6.x86_64
classification Important/Sec. openssl-libs-1:1.1.1k-8.el8_6.x86_64
RHSA-2023:1554 Important/Sec. perf-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0266  Important/Sec. perf-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0386  Important/Sec. perf-4.18.0-372.51.1.el8_6.x86_64
classification Important/Sec. perf-4.18.0-372.51.1.el8_6.x86_64
RHSA-2023:1554 Important/Sec. python3-perf-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0266  Important/Sec. python3-perf-4.18.0-372.51.1.el8_6.x86_64
CVE-2023-0386  Important/Sec. python3-perf-4.18.0-372.51.1.el8_6.x86_64
classification Important/Sec. python3-perf-4.18.0-372.51.1.el8_6.x86_64

8.6.23.03.SP6

The release date of 8.6.23.03.SP6 security patch is 30 March 2023. The estimated run time is around 70 minutes.

The 8.6.23.03.SP6 patch is based on RHEL 8.6, and it can only be installed on Cloud Pak for Data System 2.0.2 versions.

Note:

During 8.6.23.03.SP6 security patch application, you might run into the following errors:

apupgrade --use-version 8.2.22.08.SP1-20220810.193807-1-icpds-release --upgrade-directory /localrepo --upgrade --phase platform
Logging to: /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log

Unhandled error when attempting upgrade. Stack trace of failed command logged to /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log.tracelog
Unable to upgrade to a security patch with mismatched RHEL versions. 2.0.2.0-20220805081320b26605 does not support upgrade to 8.2.22.08.SP1-20220810.193807-1-icpds-release
<class 'Exception'>

due to a mismatch in the RHEL versions.

Workaround:

From e1n1, run the following commands to patch the code in the existing scripts:

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

```
FATAL ERROR: McpUpgrader.preinstall : Openshift login timed out after waiting for 30 minutes. Please run following command manually and if successful resume upgrade, or contact IBM Support for help
```
This error happens after apupgrade starts the system, brings it to Ready state and then runs the oc login command. When apupgrade terminates with a timeout, oc login seems to be working manually and after you restart the apupgrade, the same oc login command works.
Workaround:
1. Wait for apupgrade to time out.
2. Run oc login command which is written in the log. For example:
```
oc login -u system:admin -n default https://api.localcluster.fbond:6443
```
3. Restart the upgrade.

If you try to upgrade to 2.0.2.1 after applying the security patch 8.6.23.03.SP6, the upgrade might fail with the following error:

1. McpUpgrader.install
        Upgrade Detail: Component install for mcp
        Caller Info:The call was made from 'McpInstaller.install' on line 54 with file located at '/localrepo/2.0.2.1/EXTRACT/platform/upgrade/bundle_upgraders/../mcp/mcp_installer.py'
        Message: mcp:AbstractUpgrader.installer:Failed to execute mcp update

Workaround:

Run the following command to extract RPMs:

cd /localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos && rpm2cpio master*.rpm | cpio -idm && rpm2cpio master*.rpm | cpio -t

Copy node-os*.rpm from the 2.0.2.1 bundle to /tmp on all control nodes.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'scp e1n1:/localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos/install/master-node-xcat-bundle/node-os-2.0.2.0.noarch.rpm /tmp/'; done

Install the copied node-os*.rpm.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'rpm -Uvh --force /tmp/node-os-2.0.2.0.noarch.rpm'; done

Rerun the same apupgrade command that failed:

apupgrade --upgrade --upgrade-directory /localrepo --phase platform --use-version <your-2.0.2.1-upgrade-dir>

The list of Red Hat CVEs which are patched in this release:

RHSA-2023:1130 Important/Sec. kernel-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-2964  Important/Sec. kernel-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-4269  Important/Sec. kernel-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-41222 Important/Sec. kernel-4.18.0-372.46.1.el8_6.x86_64
classification Important/Sec. kernel-4.18.0-372.46.1.el8_6.x86_64
RHSA-2023:1130 Important/Sec. kernel-core-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-2964  Important/Sec. kernel-core-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-4269  Important/Sec. kernel-core-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-41222 Important/Sec. kernel-core-4.18.0-372.46.1.el8_6.x86_64
classification Important/Sec. kernel-core-4.18.0-372.46.1.el8_6.x86_64
RHSA-2023:1130 Important/Sec. kernel-debuginfo-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-2964  Important/Sec. kernel-debuginfo-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-4269  Important/Sec. kernel-debuginfo-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-41222 Important/Sec. kernel-debuginfo-4.18.0-372.46.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-4.18.0-372.46.1.el8_6.x86_64
RHSA-2023:1130 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-2964  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-4269  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-41222 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.46.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.46.1.el8_6.x86_64
RHSA-2023:1130 Important/Sec. kernel-devel-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-2964  Important/Sec. kernel-devel-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-4269  Important/Sec. kernel-devel-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-41222 Important/Sec. kernel-devel-4.18.0-372.46.1.el8_6.x86_64
classification Important/Sec. kernel-devel-4.18.0-372.46.1.el8_6.x86_64
RHSA-2023:1130 Important/Sec. kernel-headers-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-2964  Important/Sec. kernel-headers-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-4269  Important/Sec. kernel-headers-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-41222 Important/Sec. kernel-headers-4.18.0-372.46.1.el8_6.x86_64
classification Important/Sec. kernel-headers-4.18.0-372.46.1.el8_6.x86_64
RHSA-2023:1130 Important/Sec. kernel-modules-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-2964  Important/Sec. kernel-modules-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-4269  Important/Sec. kernel-modules-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-41222 Important/Sec. kernel-modules-4.18.0-372.46.1.el8_6.x86_64
classification Important/Sec. kernel-modules-4.18.0-372.46.1.el8_6.x86_64
RHSA-2023:1130 Important/Sec. kernel-modules-extra-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-2964  Important/Sec. kernel-modules-extra-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-4269  Important/Sec. kernel-modules-extra-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-41222 Important/Sec. kernel-modules-extra-4.18.0-372.46.1.el8_6.x86_64
classification Important/Sec. kernel-modules-extra-4.18.0-372.46.1.el8_6.x86_64
RHSA-2023:1130 Important/Sec. kernel-tools-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-2964  Important/Sec. kernel-tools-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-4269  Important/Sec. kernel-tools-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-41222 Important/Sec. kernel-tools-4.18.0-372.46.1.el8_6.x86_64
classification Important/Sec. kernel-tools-4.18.0-372.46.1.el8_6.x86_64
RHSA-2023:1130 Important/Sec. kernel-tools-libs-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-2964  Important/Sec. kernel-tools-libs-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-4269  Important/Sec. kernel-tools-libs-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-41222 Important/Sec. kernel-tools-libs-4.18.0-372.46.1.el8_6.x86_64
classification Important/Sec. kernel-tools-libs-4.18.0-372.46.1.el8_6.x86_64
RHSA-2023:1130 Important/Sec. perf-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-2964  Important/Sec. perf-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-4269  Important/Sec. perf-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-41222 Important/Sec. perf-4.18.0-372.46.1.el8_6.x86_64
classification Important/Sec. perf-4.18.0-372.46.1.el8_6.x86_64
RHSA-2023:1130 Important/Sec. python3-perf-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-2964  Important/Sec. python3-perf-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-4269  Important/Sec. python3-perf-4.18.0-372.46.1.el8_6.x86_64
CVE-2022-41222 Important/Sec. python3-perf-4.18.0-372.46.1.el8_6.x86_64
classification Important/Sec. python3-perf-4.18.0-372.46.1.el8_6.x86_64

8.6.23.02.SP5

The release date of 8.6.23.02.SP5 security patch is 22 February 2023. The estimated run time is around 80 minutes.

The 8.6.23.02.SP5 patch is based on RHEL 8.6, and it can only be installed on Cloud Pak for Data System 2.0.2 versions.

Note:

During 8.6.23.02.SP5 security patch application, you might run into the following errors:

apupgrade --use-version 8.2.22.08.SP1-20220810.193807-1-icpds-release --upgrade-directory /localrepo --upgrade --phase platform
Logging to: /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log

Unhandled error when attempting upgrade. Stack trace of failed command logged to /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log.tracelog
Unable to upgrade to a security patch with mismatched RHEL versions. 2.0.2.0-20220805081320b26605 does not support upgrade to 8.2.22.08.SP1-20220810.193807-1-icpds-release
<class 'Exception'>

due to a mismatch in the RHEL versions.

Workaround:

From e1n1, run the following commands to patch the code in the existing scripts:

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

```
FATAL ERROR: McpUpgrader.preinstall : Openshift login timed out after waiting for 30 minutes. Please run following command manually and if successful resume upgrade, or contact IBM Support for help
```
This error happens after apupgrade starts the system, brings it to Ready state and then runs the oc login command. When apupgrade terminates with a timeout, oc login seems to be working manually and after you restart the apupgrade, the same oc login command works.
Workaround:
1. Wait for apupgrade to time out.
2. Run oc login command which is written in the log. For example:
```
oc login -u system:admin -n default https://api.localcluster.fbond:6443
```
3. Restart the upgrade.

If you try to upgrade to 2.0.2.1 after applying the security patch 8.6.23.02.SP5, the upgrade might fail with the following error:

1. McpUpgrader.install
        Upgrade Detail: Component install for mcp
        Caller Info:The call was made from 'McpInstaller.install' on line 54 with file located at '/localrepo/2.0.2.1/EXTRACT/platform/upgrade/bundle_upgraders/../mcp/mcp_installer.py'
        Message: mcp:AbstractUpgrader.installer:Failed to execute mcp update

Workaround:

Run the following command to extract RPMs:

cd /localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos && rpm2cpio master*.rpm | cpio -idm && rpm2cpio master*.rpm | cpio -t

Copy node-os*.rpm from the 2.0.2.1 bundle to /tmp on all control nodes.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'scp e1n1:/localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos/install/master-node-xcat-bundle/node-os-2.0.2.0.noarch.rpm /tmp/'; done

Install the copied node-os*.rpm.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'rpm -Uvh --force /tmp/node-os-2.0.2.0.noarch.rpm'; done

Rerun the same apupgrade command that failed:

apupgrade --upgrade --upgrade-directory /localrepo --phase platform --use-version <your-2.0.2.1-upgrade-dir>

The list of Red Hat CVEs which are patched in this release:

RHSA-2023:0440 Important/Sec. kernel-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-4139  Important/Sec. kernel-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-26373 Important/Sec. kernel-4.18.0-372.41.1.el8_6.x86_64
classification Important/Sec. kernel-4.18.0-372.41.1.el8_6.x86_64
ref_0          Important/Sec. kernel-4.18.0-372.41.1.el8_6.x86_64
RHSA-2023:0440 Important/Sec. kernel-core-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-4139  Important/Sec. kernel-core-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-26373 Important/Sec. kernel-core-4.18.0-372.41.1.el8_6.x86_64
classification Important/Sec. kernel-core-4.18.0-372.41.1.el8_6.x86_64
ref_0          Important/Sec. kernel-core-4.18.0-372.41.1.el8_6.x86_64
RHSA-2023:0440 Important/Sec. kernel-debuginfo-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-4139  Important/Sec. kernel-debuginfo-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-26373 Important/Sec. kernel-debuginfo-4.18.0-372.41.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-4.18.0-372.41.1.el8_6.x86_64
ref_0          Important/Sec. kernel-debuginfo-4.18.0-372.41.1.el8_6.x86_64
RHSA-2023:0440 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-4139  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-26373 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.41.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.41.1.el8_6.x86_64
ref_0          Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.41.1.el8_6.x86_64
RHSA-2023:0440 Important/Sec. kernel-devel-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-4139  Important/Sec. kernel-devel-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-26373 Important/Sec. kernel-devel-4.18.0-372.41.1.el8_6.x86_64
classification Important/Sec. kernel-devel-4.18.0-372.41.1.el8_6.x86_64
ref_0          Important/Sec. kernel-devel-4.18.0-372.41.1.el8_6.x86_64
RHSA-2023:0440 Important/Sec. kernel-headers-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-4139  Important/Sec. kernel-headers-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-26373 Important/Sec. kernel-headers-4.18.0-372.41.1.el8_6.x86_64
classification Important/Sec. kernel-headers-4.18.0-372.41.1.el8_6.x86_64
ref_0          Important/Sec. kernel-headers-4.18.0-372.41.1.el8_6.x86_64
RHSA-2023:0440 Important/Sec. kernel-modules-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-4139  Important/Sec. kernel-modules-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-26373 Important/Sec. kernel-modules-4.18.0-372.41.1.el8_6.x86_64
classification Important/Sec. kernel-modules-4.18.0-372.41.1.el8_6.x86_64
ref_0          Important/Sec. kernel-modules-4.18.0-372.41.1.el8_6.x86_64
RHSA-2023:0440 Important/Sec. kernel-modules-extra-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-4139  Important/Sec. kernel-modules-extra-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-26373 Important/Sec. kernel-modules-extra-4.18.0-372.41.1.el8_6.x86_64
classification Important/Sec. kernel-modules-extra-4.18.0-372.41.1.el8_6.x86_64
ref_0          Important/Sec. kernel-modules-extra-4.18.0-372.41.1.el8_6.x86_64
RHSA-2023:0440 Important/Sec. kernel-tools-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-4139  Important/Sec. kernel-tools-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-26373 Important/Sec. kernel-tools-4.18.0-372.41.1.el8_6.x86_64
classification Important/Sec. kernel-tools-4.18.0-372.41.1.el8_6.x86_64
ref_0          Important/Sec. kernel-tools-4.18.0-372.41.1.el8_6.x86_64
RHSA-2023:0440 Important/Sec. kernel-tools-libs-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-4139  Important/Sec. kernel-tools-libs-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-26373 Important/Sec. kernel-tools-libs-4.18.0-372.41.1.el8_6.x86_64
classification Important/Sec. kernel-tools-libs-4.18.0-372.41.1.el8_6.x86_64
ref_0          Important/Sec. kernel-tools-libs-4.18.0-372.41.1.el8_6.x86_64
RHSA-2023:0594 Important/Sec. libksba-1.3.5-9.el8_6.x86_64
CVE-2022-47629 Important/Sec. libksba-1.3.5-9.el8_6.x86_64
classification Important/Sec. libksba-1.3.5-9.el8_6.x86_64
RHSA-2023:0440 Important/Sec. perf-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-4139  Important/Sec. perf-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-26373 Important/Sec. perf-4.18.0-372.41.1.el8_6.x86_64
classification Important/Sec. perf-4.18.0-372.41.1.el8_6.x86_64
ref_0          Important/Sec. perf-4.18.0-372.41.1.el8_6.x86_64
RHSA-2023:0440 Important/Sec. python3-perf-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-4139  Important/Sec. python3-perf-4.18.0-372.41.1.el8_6.x86_64
CVE-2022-26373 Important/Sec. python3-perf-4.18.0-372.41.1.el8_6.x86_64
classification Important/Sec. python3-perf-4.18.0-372.41.1.el8_6.x86_64
ref_0          Important/Sec. python3-perf-4.18.0-372.41.1.el8_6.x86_64
RHSA-2023:0283 Important/Sec. sudo-1.8.29-8.el8_6.1.x86_64
CVE-2023-22809 Important/Sec. sudo-1.8.29-8.el8_6.1.x86_64
classification Important/Sec. sudo-1.8.29-8.el8_6.1.x86_64

8.6.23.01.SP4

The release date of 8.6.23.01.SP4 security patch is 31 January 2023. The estimated run time is around 80 minutes.

The 8.6.23.01.SP4 patch is based on RHEL 8.6, and it can only be installed on Cloud Pak for Data System 2.0.2 versions.

Note:

During 8.6.23.01.SP4 security patch application, you might run into the following errors:

apupgrade --use-version 8.2.22.08.SP1-20220810.193807-1-icpds-release --upgrade-directory /localrepo --upgrade --phase platform
Logging to: /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log

Unhandled error when attempting upgrade. Stack trace of failed command logged to /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log.tracelog
Unable to upgrade to a security patch with mismatched RHEL versions. 2.0.2.0-20220805081320b26605 does not support upgrade to 8.2.22.08.SP1-20220810.193807-1-icpds-release
<class 'Exception'>

due to a mismatch in the RHEL versions.

Workaround:

From e1n1, run the following commands to patch the code in the existing scripts:

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

```
FATAL ERROR: McpUpgrader.preinstall : Openshift login timed out after waiting for 30 minutes. Please run following command manually and if successful resume upgrade, or contact IBM Support for help
```
This error happens after apupgrade starts the system, brings it to Ready state and then runs the oc login command. When apupgrade terminates with a timeout, oc login seems to be working manually and after you restart the apupgrade, the same oc login command works.
Workaround:
1. Wait for apupgrade to time out.
2. Run oc login command which is written in the log. For example:
```
oc login -u system:admin -n default https://api.localcluster.fbond:6443
```
3. Restart the upgrade.

If you try to upgrade to 2.0.2.1 after applying the security patch 8.6.23.01.SP4, the upgrade might fail with the following error:

1. McpUpgrader.install
        Upgrade Detail: Component install for mcp
        Caller Info:The call was made from 'McpInstaller.install' on line 54 with file located at '/localrepo/2.0.2.1/EXTRACT/platform/upgrade/bundle_upgraders/../mcp/mcp_installer.py'
        Message: mcp:AbstractUpgrader.installer:Failed to execute mcp update

Workaround:

Run the following command to extract RPMs:

cd /localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos && rpm2cpio master*.rpm | cpio -idm && rpm2cpio master*.rpm | cpio -t

Copy node-os*.rpm from the 2.0.2.1 bundle to /tmp on all control nodes.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'scp e1n1:/localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos/install/master-node-xcat-bundle/node-os-2.0.2.0.noarch.rpm /tmp/'; done

Install the copied node-os*.rpm.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'rpm -Uvh --force /tmp/node-os-2.0.2.0.noarch.rpm'; done

Rerun the same apupgrade command that failed:

apupgrade --upgrade --upgrade-directory /localrepo --phase platform --use-version <your-2.0.2.1-upgrade-dir>

The list of Red Hat CVEs patched in this release:

RHSA-2022:8812 Moderate/Sec.  dbus-1:1.12.8-18.el8_6.2.x86_64
CVE-2022-42010 Moderate/Sec.  dbus-1:1.12.8-18.el8_6.2.x86_64
CVE-2022-42011 Moderate/Sec.  dbus-1:1.12.8-18.el8_6.2.x86_64
CVE-2022-42012 Moderate/Sec.  dbus-1:1.12.8-18.el8_6.2.x86_64
classification Moderate/Sec.  dbus-1:1.12.8-18.el8_6.2.x86_64
RHSA-2022:8812 Moderate/Sec.  dbus-common-1:1.12.8-18.el8_6.2.noarch
CVE-2022-42010 Moderate/Sec.  dbus-common-1:1.12.8-18.el8_6.2.noarch
CVE-2022-42011 Moderate/Sec.  dbus-common-1:1.12.8-18.el8_6.2.noarch
CVE-2022-42012 Moderate/Sec.  dbus-common-1:1.12.8-18.el8_6.2.noarch
classification Moderate/Sec.  dbus-common-1:1.12.8-18.el8_6.2.noarch
RHSA-2022:8812 Moderate/Sec.  dbus-daemon-1:1.12.8-18.el8_6.2.x86_64
CVE-2022-42010 Moderate/Sec.  dbus-daemon-1:1.12.8-18.el8_6.2.x86_64
CVE-2022-42011 Moderate/Sec.  dbus-daemon-1:1.12.8-18.el8_6.2.x86_64
CVE-2022-42012 Moderate/Sec.  dbus-daemon-1:1.12.8-18.el8_6.2.x86_64
classification Moderate/Sec.  dbus-daemon-1:1.12.8-18.el8_6.2.x86_64
RHSA-2022:8812 Moderate/Sec.  dbus-libs-1:1.12.8-18.el8_6.2.x86_64
CVE-2022-42010 Moderate/Sec.  dbus-libs-1:1.12.8-18.el8_6.2.x86_64
CVE-2022-42011 Moderate/Sec.  dbus-libs-1:1.12.8-18.el8_6.2.x86_64
CVE-2022-42012 Moderate/Sec.  dbus-libs-1:1.12.8-18.el8_6.2.x86_64
classification Moderate/Sec.  dbus-libs-1:1.12.8-18.el8_6.2.x86_64
RHSA-2022:8812 Moderate/Sec.  dbus-tools-1:1.12.8-18.el8_6.2.x86_64
CVE-2022-42010 Moderate/Sec.  dbus-tools-1:1.12.8-18.el8_6.2.x86_64
CVE-2022-42011 Moderate/Sec.  dbus-tools-1:1.12.8-18.el8_6.2.x86_64
CVE-2022-42012 Moderate/Sec.  dbus-tools-1:1.12.8-18.el8_6.2.x86_64
classification Moderate/Sec.  dbus-tools-1:1.12.8-18.el8_6.2.x86_64
RHSA-2023:0048 Moderate/Sec.  grub2-common-1:2.02-123.el8_6.12.noarch
CVE-2022-2601  Moderate/Sec.  grub2-common-1:2.02-123.el8_6.12.noarch
CVE-2022-3775  Moderate/Sec.  grub2-common-1:2.02-123.el8_6.12.noarch
classification Moderate/Sec.  grub2-common-1:2.02-123.el8_6.12.noarch
RHSA-2023:0048 Moderate/Sec.  grub2-pc-1:2.02-123.el8_6.12.x86_64
CVE-2022-2601  Moderate/Sec.  grub2-pc-1:2.02-123.el8_6.12.x86_64
CVE-2022-3775  Moderate/Sec.  grub2-pc-1:2.02-123.el8_6.12.x86_64
classification Moderate/Sec.  grub2-pc-1:2.02-123.el8_6.12.x86_64
RHSA-2023:0048 Moderate/Sec.  grub2-pc-modules-1:2.02-123.el8_6.12.noarch
CVE-2022-2601  Moderate/Sec.  grub2-pc-modules-1:2.02-123.el8_6.12.noarch
CVE-2022-3775  Moderate/Sec.  grub2-pc-modules-1:2.02-123.el8_6.12.noarch
classification Moderate/Sec.  grub2-pc-modules-1:2.02-123.el8_6.12.noarch
RHSA-2023:0048 Moderate/Sec.  grub2-tools-1:2.02-123.el8_6.12.x86_64
CVE-2022-2601  Moderate/Sec.  grub2-tools-1:2.02-123.el8_6.12.x86_64
CVE-2022-3775  Moderate/Sec.  grub2-tools-1:2.02-123.el8_6.12.x86_64
classification Moderate/Sec.  grub2-tools-1:2.02-123.el8_6.12.x86_64
RHSA-2023:0048 Moderate/Sec.  grub2-tools-efi-1:2.02-123.el8_6.12.x86_64
CVE-2022-2601  Moderate/Sec.  grub2-tools-efi-1:2.02-123.el8_6.12.x86_64
CVE-2022-3775  Moderate/Sec.  grub2-tools-efi-1:2.02-123.el8_6.12.x86_64
classification Moderate/Sec.  grub2-tools-efi-1:2.02-123.el8_6.12.x86_64
RHSA-2023:0048 Moderate/Sec.  grub2-tools-extra-1:2.02-123.el8_6.12.x86_64
CVE-2022-2601  Moderate/Sec.  grub2-tools-extra-1:2.02-123.el8_6.12.x86_64
CVE-2022-3775  Moderate/Sec.  grub2-tools-extra-1:2.02-123.el8_6.12.x86_64
classification Moderate/Sec.  grub2-tools-extra-1:2.02-123.el8_6.12.x86_64
RHSA-2023:0048 Moderate/Sec.  grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64
CVE-2022-2601  Moderate/Sec.  grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64
CVE-2022-3775  Moderate/Sec.  grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64
classification Moderate/Sec.  grub2-tools-minimal-1:2.02-123.el8_6.12.x86_64
RHSA-2022:8809 Important/Sec. kernel-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-1158  Important/Sec. kernel-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-2639  Important/Sec. kernel-4.18.0-372.36.1.el8_6.x86_64
classification Important/Sec. kernel-4.18.0-372.36.1.el8_6.x86_64
RHSA-2022:8809 Important/Sec. kernel-core-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-1158  Important/Sec. kernel-core-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-2639  Important/Sec. kernel-core-4.18.0-372.36.1.el8_6.x86_64
classification Important/Sec. kernel-core-4.18.0-372.36.1.el8_6.x86_64
RHSA-2022:8809 Important/Sec. kernel-debuginfo-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-1158  Important/Sec. kernel-debuginfo-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-2639  Important/Sec. kernel-debuginfo-4.18.0-372.36.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-4.18.0-372.36.1.el8_6.x86_64
RHSA-2022:8809 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-1158  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-2639  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.36.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.36.1.el8_6.x86_64
RHSA-2022:8809 Important/Sec. kernel-devel-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-1158  Important/Sec. kernel-devel-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-2639  Important/Sec. kernel-devel-4.18.0-372.36.1.el8_6.x86_64
classification Important/Sec. kernel-devel-4.18.0-372.36.1.el8_6.x86_64
RHSA-2022:8809 Important/Sec. kernel-headers-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-1158  Important/Sec. kernel-headers-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-2639  Important/Sec. kernel-headers-4.18.0-372.36.1.el8_6.x86_64
classification Important/Sec. kernel-headers-4.18.0-372.36.1.el8_6.x86_64
RHSA-2022:8809 Important/Sec. kernel-modules-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-1158  Important/Sec. kernel-modules-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-2639  Important/Sec. kernel-modules-4.18.0-372.36.1.el8_6.x86_64
classification Important/Sec. kernel-modules-4.18.0-372.36.1.el8_6.x86_64
RHSA-2022:8809 Important/Sec. kernel-modules-extra-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-1158  Important/Sec. kernel-modules-extra-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-2639  Important/Sec. kernel-modules-extra-4.18.0-372.36.1.el8_6.x86_64
classification Important/Sec. kernel-modules-extra-4.18.0-372.36.1.el8_6.x86_64
RHSA-2022:8809 Important/Sec. kernel-tools-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-1158  Important/Sec. kernel-tools-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-2639  Important/Sec. kernel-tools-4.18.0-372.36.1.el8_6.x86_64
classification Important/Sec. kernel-tools-4.18.0-372.36.1.el8_6.x86_64
RHSA-2022:8809 Important/Sec. kernel-tools-libs-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-1158  Important/Sec. kernel-tools-libs-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-2639  Important/Sec. kernel-tools-libs-4.18.0-372.36.1.el8_6.x86_64
classification Important/Sec. kernel-tools-libs-4.18.0-372.36.1.el8_6.x86_64
RHSA-2022:8809 Important/Sec. perf-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-1158  Important/Sec. perf-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-2639  Important/Sec. perf-4.18.0-372.36.1.el8_6.x86_64
classification Important/Sec. perf-4.18.0-372.36.1.el8_6.x86_64
RHSA-2022:8809 Important/Sec. python3-perf-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-1158  Important/Sec. python3-perf-4.18.0-372.36.1.el8_6.x86_64
CVE-2022-2639  Important/Sec. python3-perf-4.18.0-372.36.1.el8_6.x86_64
classification Important/Sec. python3-perf-4.18.0-372.36.1.el8_6.x86_64

8.6.22.12.SP3

The release date of 8.6.22.12.SP3 security patch is 6 January 2023.The estimated run time is around 80 minutes. This security patch includes the list of CVEs for November and December 2022.

The 8.6.22.12.SP3 patch is based on RHEL 8.6, and it can only be installed on Cloud Pak for Data System 2.0.2 versions.

Note:

During 8.6.22.12.SP3 security patch application, you might run into the following errors:

apupgrade --use-version 8.2.22.08.SP1-20220810.193807-1-icpds-release --upgrade-directory /localrepo --upgrade --phase platform
Logging to: /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log

Unhandled error when attempting upgrade. Stack trace of failed command logged to /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log.tracelog
Unable to upgrade to a security patch with mismatched RHEL versions. 2.0.2.0-20220805081320b26605 does not support upgrade to 8.2.22.08.SP1-20220810.193807-1-icpds-release
<class 'Exception'>

due to a mismatch in the RHEL versions.

Workaround:

From e1n1, run the following commands to patch the code in the existing scripts:

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

```
FATAL ERROR: McpUpgrader.preinstall : Openshift login timed out after waiting for 30 minutes. Please run following command manually and if successful resume upgrade, or contact IBM Support for help
```
This error happens after apupgrade starts the system, brings it to Ready state and then runs the oc login command. When apupgrade terminates with a timeout, oc login seems to be working manually and after you restart the apupgrade, the same oc login command works.
Workaround:
1. Wait for apupgrade to time out.
2. Run oc login command which is written in the log. For example:
```
oc login -u system:admin -n default https://api.localcluster.fbond:6443
```
3. Restart the upgrade.

If you try to upgrade to 2.0.2.1 after applying the security patch 8.6.22.12.SP3, the upgrade might fail with the following error:

1. McpUpgrader.install
        Upgrade Detail: Component install for mcp
        Caller Info:The call was made from 'McpInstaller.install' on line 54 with file located at '/localrepo/2.0.2.1/EXTRACT/platform/upgrade/bundle_upgraders/../mcp/mcp_installer.py'
        Message: mcp:AbstractUpgrader.installer:Failed to execute mcp update

Workaround:

Run the following command to extract RPMs:

cd /localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos && rpm2cpio master*.rpm | cpio -idm && rpm2cpio master*.rpm | cpio -t

Copy node-os*.rpm from the 2.0.2.1 bundle to /tmp on all control nodes.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'scp e1n1:/localrepo/<2.0.2.1_bundle_dir>/EXTRACT/platform/upgrade/nodeos/install/master-node-xcat-bundle/node-os-2.0.2.0.noarch.rpm /tmp/'; done

Install the copied node-os*.rpm.

for i in $(/opt/ibm/appliance/platform/xcat/scripts/xcat/display_nodes.py --control); do ssh $i 'rpm -Uvh --force /tmp/node-os-2.0.2.0.noarch.rpm'; done

Rerun the same apupgrade command that failed:

apupgrade --upgrade --upgrade-directory /localrepo --phase platform --use-version <your-2.0.2.1-upgrade-dir>

The list of Red Hat CVEs patched in this release:

RHSA-2022:7192 Important/Sec. device-mapper-multipath-0.8.4-22.el8_6.2.x86_64
CVE-2022-41974 Important/Sec. device-mapper-multipath-0.8.4-22.el8_6.2.x86_64
classification Important/Sec. device-mapper-multipath-0.8.4-22.el8_6.2.x86_64
RHSA-2022:7192 Important/Sec. device-mapper-multipath-libs-0.8.4-22.el8_6.2.x86_64
CVE-2022-41974 Important/Sec. device-mapper-multipath-libs-0.8.4-22.el8_6.2.x86_64
classification Important/Sec. device-mapper-multipath-libs-0.8.4-22.el8_6.2.x86_64
RHSA-2022:7105 Moderate/Sec.  gnutls-3.6.16-5.el8_6.x86_64
CVE-2022-2509  Moderate/Sec.  gnutls-3.6.16-5.el8_6.x86_64
classification Moderate/Sec.  gnutls-3.6.16-5.el8_6.x86_64
RHSA-2022:7105 Moderate/Sec.  gnutls-c++-3.6.16-5.el8_6.x86_64
CVE-2022-2509  Moderate/Sec.  gnutls-c++-3.6.16-5.el8_6.x86_64
classification Moderate/Sec.  gnutls-c++-3.6.16-5.el8_6.x86_64
RHSA-2022:7105 Moderate/Sec.  gnutls-dane-3.6.16-5.el8_6.x86_64
CVE-2022-2509  Moderate/Sec.  gnutls-dane-3.6.16-5.el8_6.x86_64
classification Moderate/Sec.  gnutls-dane-3.6.16-5.el8_6.x86_64
RHSA-2022:7105 Moderate/Sec.  gnutls-utils-3.6.16-5.el8_6.x86_64
CVE-2022-2509  Moderate/Sec.  gnutls-utils-3.6.16-5.el8_6.x86_64
classification Moderate/Sec.  gnutls-utils-3.6.16-5.el8_6.x86_64
RHSA-2022:7006 Moderate/Sec.  java-1.8.0-openjdk-1:1.8.0.352.b08-2.el8_6.x86_64
CVE-2022-21619 Moderate/Sec.  java-1.8.0-openjdk-1:1.8.0.352.b08-2.el8_6.x86_64
CVE-2022-21624 Moderate/Sec.  java-1.8.0-openjdk-1:1.8.0.352.b08-2.el8_6.x86_64
CVE-2022-21626 Moderate/Sec.  java-1.8.0-openjdk-1:1.8.0.352.b08-2.el8_6.x86_64
CVE-2022-21628 Moderate/Sec.  java-1.8.0-openjdk-1:1.8.0.352.b08-2.el8_6.x86_64
classification Moderate/Sec.  java-1.8.0-openjdk-1:1.8.0.352.b08-2.el8_6.x86_64
RHSA-2022:7006 Moderate/Sec.  java-1.8.0-openjdk-headless-1:1.8.0.352.b08-2.el8_6.x86_64
CVE-2022-21619 Moderate/Sec.  java-1.8.0-openjdk-headless-1:1.8.0.352.b08-2.el8_6.x86_64
CVE-2022-21624 Moderate/Sec.  java-1.8.0-openjdk-headless-1:1.8.0.352.b08-2.el8_6.x86_64
CVE-2022-21626 Moderate/Sec.  java-1.8.0-openjdk-headless-1:1.8.0.352.b08-2.el8_6.x86_64
CVE-2022-21628 Moderate/Sec.  java-1.8.0-openjdk-headless-1:1.8.0.352.b08-2.el8_6.x86_64
classification Moderate/Sec.  java-1.8.0-openjdk-headless-1:1.8.0.352.b08-2.el8_6.x86_64
RHSA-2022:7110 Important/Sec. kernel-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-0494  Important/Sec. kernel-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-1353  Important/Sec. kernel-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-2588  Important/Sec. kernel-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23816 Important/Sec. kernel-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23825 Important/Sec. kernel-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29900 Important/Sec. kernel-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29901 Important/Sec. kernel-4.18.0-372.32.1.el8_6.x86_64
classification Important/Sec. kernel-4.18.0-372.32.1.el8_6.x86_64
RHSA-2022:7110 Important/Sec. kernel-core-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-0494  Important/Sec. kernel-core-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-1353  Important/Sec. kernel-core-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-2588  Important/Sec. kernel-core-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23816 Important/Sec. kernel-core-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23825 Important/Sec. kernel-core-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29900 Important/Sec. kernel-core-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29901 Important/Sec. kernel-core-4.18.0-372.32.1.el8_6.x86_64
classification Important/Sec. kernel-core-4.18.0-372.32.1.el8_6.x86_64
RHSA-2022:7110 Important/Sec. kernel-debuginfo-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-0494  Important/Sec. kernel-debuginfo-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-1353  Important/Sec. kernel-debuginfo-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-2588  Important/Sec. kernel-debuginfo-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23816 Important/Sec. kernel-debuginfo-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23825 Important/Sec. kernel-debuginfo-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29900 Important/Sec. kernel-debuginfo-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29901 Important/Sec. kernel-debuginfo-4.18.0-372.32.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-4.18.0-372.32.1.el8_6.x86_64
RHSA-2022:7110 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-0494  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-1353  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-2588  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23816 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23825 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29900 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29901 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.32.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.32.1.el8_6.x86_64
RHSA-2022:7110 Important/Sec. kernel-devel-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-0494  Important/Sec. kernel-devel-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-1353  Important/Sec. kernel-devel-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-2588  Important/Sec. kernel-devel-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23816 Important/Sec. kernel-devel-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23825 Important/Sec. kernel-devel-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29900 Important/Sec. kernel-devel-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29901 Important/Sec. kernel-devel-4.18.0-372.32.1.el8_6.x86_64
classification Important/Sec. kernel-devel-4.18.0-372.32.1.el8_6.x86_64
RHSA-2022:7110 Important/Sec. kernel-headers-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-0494  Important/Sec. kernel-headers-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-1353  Important/Sec. kernel-headers-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-2588  Important/Sec. kernel-headers-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23816 Important/Sec. kernel-headers-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23825 Important/Sec. kernel-headers-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29900 Important/Sec. kernel-headers-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29901 Important/Sec. kernel-headers-4.18.0-372.32.1.el8_6.x86_64
classification Important/Sec. kernel-headers-4.18.0-372.32.1.el8_6.x86_64
RHSA-2022:7110 Important/Sec. kernel-modules-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-0494  Important/Sec. kernel-modules-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-1353  Important/Sec. kernel-modules-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-2588  Important/Sec. kernel-modules-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23816 Important/Sec. kernel-modules-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23825 Important/Sec. kernel-modules-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29900 Important/Sec. kernel-modules-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29901 Important/Sec. kernel-modules-4.18.0-372.32.1.el8_6.x86_64
classification Important/Sec. kernel-modules-4.18.0-372.32.1.el8_6.x86_64
RHSA-2022:7110 Important/Sec. kernel-modules-extra-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-0494  Important/Sec. kernel-modules-extra-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-1353  Important/Sec. kernel-modules-extra-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-2588  Important/Sec. kernel-modules-extra-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23816 Important/Sec. kernel-modules-extra-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23825 Important/Sec. kernel-modules-extra-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29900 Important/Sec. kernel-modules-extra-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29901 Important/Sec. kernel-modules-extra-4.18.0-372.32.1.el8_6.x86_64
classification Important/Sec. kernel-modules-extra-4.18.0-372.32.1.el8_6.x86_64
RHSA-2022:7110 Important/Sec. kernel-tools-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-0494  Important/Sec. kernel-tools-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-1353  Important/Sec. kernel-tools-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-2588  Important/Sec. kernel-tools-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23816 Important/Sec. kernel-tools-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23825 Important/Sec. kernel-tools-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29900 Important/Sec. kernel-tools-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29901 Important/Sec. kernel-tools-4.18.0-372.32.1.el8_6.x86_64
classification Important/Sec. kernel-tools-4.18.0-372.32.1.el8_6.x86_64
RHSA-2022:7110 Important/Sec. kernel-tools-libs-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-0494  Important/Sec. kernel-tools-libs-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-1353  Important/Sec. kernel-tools-libs-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-2588  Important/Sec. kernel-tools-libs-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23816 Important/Sec. kernel-tools-libs-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23825 Important/Sec. kernel-tools-libs-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29900 Important/Sec. kernel-tools-libs-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29901 Important/Sec. kernel-tools-libs-4.18.0-372.32.1.el8_6.x86_64
classification Important/Sec. kernel-tools-libs-4.18.0-372.32.1.el8_6.x86_64
RHSA-2022:7192 Important/Sec. kpartx-0.8.4-22.el8_6.2.x86_64
CVE-2022-41974 Important/Sec. kpartx-0.8.4-22.el8_6.2.x86_64
classification Important/Sec. kpartx-0.8.4-22.el8_6.2.x86_64
RHSA-2022:7089 Important/Sec. libksba-1.3.5-8.el8_6.x86_64
CVE-2022-3515  Important/Sec. libksba-1.3.5-8.el8_6.x86_64
classification Important/Sec. libksba-1.3.5-8.el8_6.x86_64
RHSA-2022:7111 Moderate/Sec.  libsmbclient-4.15.5-10.el8_6.x86_64
CVE-2022-32742 Moderate/Sec.  libsmbclient-4.15.5-10.el8_6.x86_64
classification Moderate/Sec.  libsmbclient-4.15.5-10.el8_6.x86_64
RHSA-2022:7111 Moderate/Sec.  libwbclient-4.15.5-10.el8_6.x86_64
CVE-2022-32742 Moderate/Sec.  libwbclient-4.15.5-10.el8_6.x86_64
classification Moderate/Sec.  libwbclient-4.15.5-10.el8_6.x86_64
RHSA-2022:7110 Important/Sec. perf-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-0494  Important/Sec. perf-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-1353  Important/Sec. perf-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-2588  Important/Sec. perf-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23816 Important/Sec. perf-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23825 Important/Sec. perf-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29900 Important/Sec. perf-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29901 Important/Sec. perf-4.18.0-372.32.1.el8_6.x86_64
classification Important/Sec. perf-4.18.0-372.32.1.el8_6.x86_64
RHSA-2022:7110 Important/Sec. python3-perf-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-0494  Important/Sec. python3-perf-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-1353  Important/Sec. python3-perf-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-2588  Important/Sec. python3-perf-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23816 Important/Sec. python3-perf-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-23825 Important/Sec. python3-perf-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29900 Important/Sec. python3-perf-4.18.0-372.32.1.el8_6.x86_64
CVE-2022-29901 Important/Sec. python3-perf-4.18.0-372.32.1.el8_6.x86_64
classification Important/Sec. python3-perf-4.18.0-372.32.1.el8_6.x86_64
RHSA-2022:7111 Moderate/Sec.  python3-samba-4.15.5-10.el8_6.x86_64
CVE-2022-32742 Moderate/Sec.  python3-samba-4.15.5-10.el8_6.x86_64
classification Moderate/Sec.  python3-samba-4.15.5-10.el8_6.x86_64
RHSA-2022:7111 Moderate/Sec.  samba-4.15.5-10.el8_6.x86_64
CVE-2022-32742 Moderate/Sec.  samba-4.15.5-10.el8_6.x86_64
classification Moderate/Sec.  samba-4.15.5-10.el8_6.x86_64
RHSA-2022:7111 Moderate/Sec.  samba-client-4.15.5-10.el8_6.x86_64
CVE-2022-32742 Moderate/Sec.  samba-client-4.15.5-10.el8_6.x86_64
classification Moderate/Sec.  samba-client-4.15.5-10.el8_6.x86_64
RHSA-2022:7111 Moderate/Sec.  samba-client-libs-4.15.5-10.el8_6.x86_64
CVE-2022-32742 Moderate/Sec.  samba-client-libs-4.15.5-10.el8_6.x86_64
classification Moderate/Sec.  samba-client-libs-4.15.5-10.el8_6.x86_64
RHSA-2022:7111 Moderate/Sec.  samba-common-4.15.5-10.el8_6.noarch
CVE-2022-32742 Moderate/Sec.  samba-common-4.15.5-10.el8_6.noarch
classification Moderate/Sec.  samba-common-4.15.5-10.el8_6.noarch
RHSA-2022:7111 Moderate/Sec.  samba-common-libs-4.15.5-10.el8_6.x86_64
CVE-2022-32742 Moderate/Sec.  samba-common-libs-4.15.5-10.el8_6.x86_64
classification Moderate/Sec.  samba-common-libs-4.15.5-10.el8_6.x86_64
RHSA-2022:7111 Moderate/Sec.  samba-common-tools-4.15.5-10.el8_6.x86_64
CVE-2022-32742 Moderate/Sec.  samba-common-tools-4.15.5-10.el8_6.x86_64
classification Moderate/Sec.  samba-common-tools-4.15.5-10.el8_6.x86_64
RHSA-2022:7111 Moderate/Sec.  samba-libs-4.15.5-10.el8_6.x86_64
CVE-2022-32742 Moderate/Sec.  samba-libs-4.15.5-10.el8_6.x86_64
classification Moderate/Sec.  samba-libs-4.15.5-10.el8_6.x86_64
RHSA-2022:7111 Moderate/Sec.  samba-winbind-4.15.5-10.el8_6.x86_64
CVE-2022-32742 Moderate/Sec.  samba-winbind-4.15.5-10.el8_6.x86_64
classification Moderate/Sec.  samba-winbind-4.15.5-10.el8_6.x86_64
RHSA-2022:7111 Moderate/Sec.  samba-winbind-modules-4.15.5-10.el8_6.x86_64
CVE-2022-32742 Moderate/Sec.  samba-winbind-modules-4.15.5-10.el8_6.x86_64
classification Moderate/Sec.  samba-winbind-modules-4.15.5-10.el8_6.x86_64
RHSA-2022:7108 Moderate/Sec.  sqlite-3.26.0-16.el8_6.x86_64
CVE-2020-35525 Moderate/Sec.  sqlite-3.26.0-16.el8_6.x86_64
CVE-2020-35527 Moderate/Sec.  sqlite-3.26.0-16.el8_6.x86_64
classification Moderate/Sec.  sqlite-3.26.0-16.el8_6.x86_64
RHSA-2022:7108 Moderate/Sec.  sqlite-libs-3.26.0-16.el8_6.x86_64
CVE-2020-35525 Moderate/Sec.  sqlite-libs-3.26.0-16.el8_6.x86_64
CVE-2020-35527 Moderate/Sec.  sqlite-libs-3.26.0-16.el8_6.x86_64
classification Moderate/Sec.  sqlite-libs-3.26.0-16.el8_6.x86_64
RHSA-2022:7106 Moderate/Sec.  zlib-1.2.11-19.el8_6.x86_64
CVE-2022-37434 Moderate/Sec.  zlib-1.2.11-19.el8_6.x86_64
classification Moderate/Sec.  zlib-1.2.11-19.el8_6.x86_64
RHSA-2022:7106 Moderate/Sec.  zlib-devel-1.2.11-19.el8_6.x86_64
CVE-2022-37434 Moderate/Sec.  zlib-devel-1.2.11-19.el8_6.x86_64
classification Moderate/Sec.  zlib-devel-1.2.11-19.el8_6.x86_64
RHSA-2022:8662 Important/Sec. krb5-devel-1.18.2-15.el8_6.x86_64
CVE-2022-42898 Important/Sec. krb5-devel-1.18.2-15.el8_6.x86_64
classification Important/Sec. krb5-devel-1.18.2-15.el8_6.x86_64
RHSA-2022:8662 Important/Sec. krb5-libs-1.18.2-15.el8_6.x86_64
CVE-2022-42898 Important/Sec. krb5-libs-1.18.2-15.el8_6.x86_64
classification Important/Sec. krb5-libs-1.18.2-15.el8_6.x86_64
RHSA-2022:8662 Important/Sec. krb5-pkinit-1.18.2-15.el8_6.x86_64
CVE-2022-42898 Important/Sec. krb5-pkinit-1.18.2-15.el8_6.x86_64
classification Important/Sec. krb5-pkinit-1.18.2-15.el8_6.x86_64
RHSA-2022:8662 Important/Sec. krb5-server-1.18.2-15.el8_6.x86_64
CVE-2022-42898 Important/Sec. krb5-server-1.18.2-15.el8_6.x86_64
classification Important/Sec. krb5-server-1.18.2-15.el8_6.x86_64
RHSA-2022:8662 Important/Sec. krb5-workstation-1.18.2-15.el8_6.x86_64
CVE-2022-42898 Important/Sec. krb5-workstation-1.18.2-15.el8_6.x86_64
classification Important/Sec. krb5-workstation-1.18.2-15.el8_6.x86_64
RHSA-2022:8662 Important/Sec. libkadm5-1.18.2-15.el8_6.x86_64
CVE-2022-42898 Important/Sec. libkadm5-1.18.2-15.el8_6.x86_64
classification Important/Sec. libkadm5-1.18.2-15.el8_6.x86_64
CVE-2021-29740   gpfs.adv-5.1.2-7.x86_64

8.6.22.10.SP2

The release date of 8.6.22.10.SP2 security patch is 26 October 2022. The estimated run time is around 120 minutes.

The 8.6.22.10.SP2 patch is based on RHEL 8.6, and it can only be installed on Cloud Pak for Data System 2.0.2 versions.

Note:

During 8.6.22.10.SP2 security patch application, you might run into the following errors:

apupgrade --use-version 8.2.22.08.SP1-20220810.193807-1-icpds-release --upgrade-directory /localrepo --upgrade --phase platform
Logging to: /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log

Unhandled error when attempting upgrade. Stack trace of failed command logged to /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log.tracelog
Unable to upgrade to a security patch with mismatched RHEL versions. 2.0.2.0-20220805081320b26605 does not support upgrade to 8.2.22.08.SP1-20220810.193807-1-icpds-release
<class 'Exception'>

due to a mismatch in the RHEL versions.

Workaround:

From e1n1, run the following commands to patch the code in the existing scripts:

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

```
FATAL ERROR: McpUpgrader.preinstall : Openshift login timed out after waiting for 30 minutes. Please run following command manually and if successful resume upgrade, or contact IBM Support for help
```
This error happens after apupgrade starts the system, brings it to Ready state and then runs the oc login command. When apupgrade terminates with a timeout, oc login seems to be working manually and after you restart the apupgrade, the same oc login command works.
Workaround:
1. Wait for apupgrade to time out.
2. Run oc login command which is written in the log. For example:
```
oc login -u system:admin -n default https://api.localcluster.fbond:6443
```
3. Restart the upgrade.

The list of Red Hat CVEs patched in this release:

RHSA-2022:6778 Important/Sec. bind-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38177 Important/Sec. bind-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38178 Important/Sec. bind-32:9.11.36-3.el8_6.1.x86_64
classification Important/Sec. bind-32:9.11.36-3.el8_6.1.x86_64
RHSA-2022:6778 Important/Sec. bind-export-libs-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38177 Important/Sec. bind-export-libs-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38178 Important/Sec. bind-export-libs-32:9.11.36-3.el8_6.1.x86_64
classification Important/Sec. bind-export-libs-32:9.11.36-3.el8_6.1.x86_64
RHSA-2022:6778 Important/Sec. bind-libs-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38177 Important/Sec. bind-libs-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38178 Important/Sec. bind-libs-32:9.11.36-3.el8_6.1.x86_64
classification Important/Sec. bind-libs-32:9.11.36-3.el8_6.1.x86_64
RHSA-2022:6778 Important/Sec. bind-libs-lite-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38177 Important/Sec. bind-libs-lite-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38178 Important/Sec. bind-libs-lite-32:9.11.36-3.el8_6.1.x86_64
classification Important/Sec. bind-libs-lite-32:9.11.36-3.el8_6.1.x86_64
RHSA-2022:6778 Important/Sec. bind-license-32:9.11.36-3.el8_6.1.noarch
CVE-2022-38177 Important/Sec. bind-license-32:9.11.36-3.el8_6.1.noarch
CVE-2022-38178 Important/Sec. bind-license-32:9.11.36-3.el8_6.1.noarch
classification Important/Sec. bind-license-32:9.11.36-3.el8_6.1.noarch
RHSA-2022:6778 Important/Sec. bind-pkcs11-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38177 Important/Sec. bind-pkcs11-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38178 Important/Sec. bind-pkcs11-32:9.11.36-3.el8_6.1.x86_64
classification Important/Sec. bind-pkcs11-32:9.11.36-3.el8_6.1.x86_64
RHSA-2022:6778 Important/Sec. bind-pkcs11-libs-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38177 Important/Sec. bind-pkcs11-libs-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38178 Important/Sec. bind-pkcs11-libs-32:9.11.36-3.el8_6.1.x86_64
classification Important/Sec. bind-pkcs11-libs-32:9.11.36-3.el8_6.1.x86_64
RHSA-2022:6778 Important/Sec. bind-pkcs11-utils-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38177 Important/Sec. bind-pkcs11-utils-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38178 Important/Sec. bind-pkcs11-utils-32:9.11.36-3.el8_6.1.x86_64
classification Important/Sec. bind-pkcs11-utils-32:9.11.36-3.el8_6.1.x86_64
RHSA-2022:6778 Important/Sec. bind-utils-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38177 Important/Sec. bind-utils-32:9.11.36-3.el8_6.1.x86_64
CVE-2022-38178 Important/Sec. bind-utils-32:9.11.36-3.el8_6.1.x86_64
classification Important/Sec. bind-utils-32:9.11.36-3.el8_6.1.x86_64
RHSA-2022:6878 Important/Sec. expat-2.2.5-8.el8_6.3.x86_64
CVE-2022-40674 Important/Sec. expat-2.2.5-8.el8_6.3.x86_64
classification Important/Sec. expat-2.2.5-8.el8_6.3.x86_64
RHSA-2022:6463 Moderate/Sec.  gnupg2-2.2.20-3.el8_6.x86_64
CVE-2022-34903 Moderate/Sec.  gnupg2-2.2.20-3.el8_6.x86_64
classification Moderate/Sec.  gnupg2-2.2.20-3.el8_6.x86_64
RHSA-2022:6463 Moderate/Sec.  gnupg2-smime-2.2.20-3.el8_6.x86_64
CVE-2022-34903 Moderate/Sec.  gnupg2-smime-2.2.20-3.el8_6.x86_64
classification Moderate/Sec.  gnupg2-smime-2.2.20-3.el8_6.x86_64
RHSA-2022:6460 Moderate/Sec.  kernel-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21123 Moderate/Sec.  kernel-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21125 Moderate/Sec.  kernel-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21166 Moderate/Sec.  kernel-4.18.0-372.26.1.el8_6.x86_64
classification Moderate/Sec.  kernel-4.18.0-372.26.1.el8_6.x86_64
RHSA-2022:6460 Moderate/Sec.  kernel-core-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21123 Moderate/Sec.  kernel-core-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21125 Moderate/Sec.  kernel-core-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21166 Moderate/Sec.  kernel-core-4.18.0-372.26.1.el8_6.x86_64
classification Moderate/Sec.  kernel-core-4.18.0-372.26.1.el8_6.x86_64
RHSA-2022:6460 Moderate/Sec.  kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21123 Moderate/Sec.  kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21125 Moderate/Sec.  kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21166 Moderate/Sec.  kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64
classification Moderate/Sec.  kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64
RHSA-2022:6460 Moderate/Sec.  kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21123 Moderate/Sec.  kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21125 Moderate/Sec.  kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21166 Moderate/Sec.  kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64
classification Moderate/Sec.  kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64
RHSA-2022:6460 Moderate/Sec.  kernel-devel-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21123 Moderate/Sec.  kernel-devel-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21125 Moderate/Sec.  kernel-devel-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21166 Moderate/Sec.  kernel-devel-4.18.0-372.26.1.el8_6.x86_64
classification Moderate/Sec.  kernel-devel-4.18.0-372.26.1.el8_6.x86_64
RHSA-2022:6460 Moderate/Sec.  kernel-headers-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21123 Moderate/Sec.  kernel-headers-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21125 Moderate/Sec.  kernel-headers-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21166 Moderate/Sec.  kernel-headers-4.18.0-372.26.1.el8_6.x86_64
classification Moderate/Sec.  kernel-headers-4.18.0-372.26.1.el8_6.x86_64
RHSA-2022:6460 Moderate/Sec.  kernel-modules-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21123 Moderate/Sec.  kernel-modules-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21125 Moderate/Sec.  kernel-modules-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21166 Moderate/Sec.  kernel-modules-4.18.0-372.26.1.el8_6.x86_64
classification Moderate/Sec.  kernel-modules-4.18.0-372.26.1.el8_6.x86_64
RHSA-2022:6460 Moderate/Sec.  kernel-modules-extra-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21123 Moderate/Sec.  kernel-modules-extra-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21125 Moderate/Sec.  kernel-modules-extra-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21166 Moderate/Sec.  kernel-modules-extra-4.18.0-372.26.1.el8_6.x86_64
classification Moderate/Sec.  kernel-modules-extra-4.18.0-372.26.1.el8_6.x86_64
RHSA-2022:6460 Moderate/Sec.  kernel-tools-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21123 Moderate/Sec.  kernel-tools-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21125 Moderate/Sec.  kernel-tools-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21166 Moderate/Sec.  kernel-tools-4.18.0-372.26.1.el8_6.x86_64
classification Moderate/Sec.  kernel-tools-4.18.0-372.26.1.el8_6.x86_64
RHSA-2022:6460 Moderate/Sec.  kernel-tools-libs-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21123 Moderate/Sec.  kernel-tools-libs-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21125 Moderate/Sec.  kernel-tools-libs-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21166 Moderate/Sec.  kernel-tools-libs-4.18.0-372.26.1.el8_6.x86_64
classification Moderate/Sec.  kernel-tools-libs-4.18.0-372.26.1.el8_6.x86_64
RHSA-2022:6443 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2021-46659 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2021-46661 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2021-46663 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2021-46664 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2021-46665 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2021-46668 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2021-46669 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-21427 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-24048 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-24050 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-24051 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-24052 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27376 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27377 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27378 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27379 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27380 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27381 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27383 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27384 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27386 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27387 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27445 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27447 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27448 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27449 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27452 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27456 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27458 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-31622 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-31623 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-32083 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-32085 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-32087 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-32088 Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
classification Moderate/Sec.  mariadb-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
RHSA-2022:6443 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2021-46659 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2021-46661 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2021-46663 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2021-46664 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2021-46665 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2021-46668 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2021-46669 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-21427 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-24048 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-24050 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-24051 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-24052 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27376 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27377 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27378 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27379 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27380 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27381 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27383 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27384 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27386 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27387 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27445 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27447 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27448 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27449 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27452 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27456 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-27458 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-31622 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-31623 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-32083 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-32085 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-32087 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
CVE-2022-32088 Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
classification Moderate/Sec.  mariadb-common-3:10.3.35-1.module+el8.6.0+15949+4ba4ec26.x86_64
RHSA-2022:6460 Moderate/Sec.  perf-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21123 Moderate/Sec.  perf-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21125 Moderate/Sec.  perf-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21166 Moderate/Sec.  perf-4.18.0-372.26.1.el8_6.x86_64
classification Moderate/Sec.  perf-4.18.0-372.26.1.el8_6.x86_64
RHSA-2022:6457 Moderate/Sec.  platform-python-3.6.8-47.el8_6.x86_64
CVE-2015-20107 Moderate/Sec.  platform-python-3.6.8-47.el8_6.x86_64
CVE-2022-0391  Moderate/Sec.  platform-python-3.6.8-47.el8_6.x86_64
classification Moderate/Sec.  platform-python-3.6.8-47.el8_6.x86_64
RHSA-2022:6457 Moderate/Sec.  platform-python-devel-3.6.8-47.el8_6.x86_64
CVE-2015-20107 Moderate/Sec.  platform-python-devel-3.6.8-47.el8_6.x86_64
CVE-2022-0391  Moderate/Sec.  platform-python-devel-3.6.8-47.el8_6.x86_64
classification Moderate/Sec.  platform-python-devel-3.6.8-47.el8_6.x86_64
RHSA-2022:6778 Important/Sec. python3-bind-32:9.11.36-3.el8_6.1.noarch
CVE-2022-38177 Important/Sec. python3-bind-32:9.11.36-3.el8_6.1.noarch
CVE-2022-38178 Important/Sec. python3-bind-32:9.11.36-3.el8_6.1.noarch
classification Important/Sec. python3-bind-32:9.11.36-3.el8_6.1.noarch
RHSA-2022:6457 Moderate/Sec.  python3-libs-3.6.8-47.el8_6.x86_64
CVE-2015-20107 Moderate/Sec.  python3-libs-3.6.8-47.el8_6.x86_64
CVE-2022-0391  Moderate/Sec.  python3-libs-3.6.8-47.el8_6.x86_64
classification Moderate/Sec.  python3-libs-3.6.8-47.el8_6.x86_64
RHSA-2022:6460 Moderate/Sec.  python3-perf-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21123 Moderate/Sec.  python3-perf-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21125 Moderate/Sec.  python3-perf-4.18.0-372.26.1.el8_6.x86_64
CVE-2022-21166 Moderate/Sec.  python3-perf-4.18.0-372.26.1.el8_6.x86_64
classification Moderate/Sec.  python3-perf-4.18.0-372.26.1.el8_6.x86_64

8.6.22.09.SP1

Security patch released in September 2022. The estimated run time is around 120 minutes.

The 8.6.22.09.SP1 patch is based on RHEL 8.6, and it can only be installed on Cloud Pak for Data System 2.0.2 versions.

Note: When you apply 8.6.22.09.SP1 on 2.0.2 version, the upgrade might fail with the following error:

apupgrade --use-version 8.2.22.08.SP1-20220810.193807-1-icpds-release --upgrade-directory /localrepo --upgrade --phase platform
Logging to: /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log

Unhandled error when attempting upgrade. Stack trace of failed command logged to /var/log/appliance/apupgrade/20220816/apupgrade20220816032148.log.tracelog
Unable to upgrade to a security patch with mismatched RHEL versions. 2.0.2.0-20220805081320b26605 does not support upgrade to 8.2.22.08.SP1-20220810.193807-1-icpds-release
<class 'Exception'>

due to a mismatch in the RHEL versions.

Workaround:

From e1n1, run the following commands to patch the code in the existing scripts:

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/apupgrade_prereqs/yosemite_apupgrade_prereqs.py

sed -i -e "s,':' -f5,' ' -f6,g" /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

sed -i -e 's,system-release-cpe,redhat-release,g' /opt/ibm/appliance/apupgrade/modules/ibm/ca/checker/yosemite_bundleupgradechecker.py

The list of Red Hat CVEs patched in this release:

RHSA-2022:5326 Low/Sec.       compat-openssl10-1:1.0.2o-4.el8_6.x86_64
CVE-2022-0778  Low/Sec.       compat-openssl10-1:1.0.2o-4.el8_6.x86_64
classification Low/Sec.       compat-openssl10-1:1.0.2o-4.el8_6.x86_64
RHSA-2022:5313 Moderate/Sec.  curl-7.61.1-22.el8_6.3.x86_64
CVE-2022-22576 Moderate/Sec.  curl-7.61.1-22.el8_6.3.x86_64
CVE-2022-27774 Moderate/Sec.  curl-7.61.1-22.el8_6.3.x86_64
CVE-2022-27776 Moderate/Sec.  curl-7.61.1-22.el8_6.3.x86_64
CVE-2022-27782 Moderate/Sec.  curl-7.61.1-22.el8_6.3.x86_64
classification Moderate/Sec.  curl-7.61.1-22.el8_6.3.x86_64
RHSA-2022:6159 Moderate/Sec.  curl-7.61.1-22.el8_6.4.x86_64
CVE-2022-32206 Moderate/Sec.  curl-7.61.1-22.el8_6.4.x86_64
CVE-2022-32208 Moderate/Sec.  curl-7.61.1-22.el8_6.4.x86_64
classification Moderate/Sec.  curl-7.61.1-22.el8_6.4.x86_64
RHSA-2022:5314 Moderate/Sec.  expat-2.2.5-8.el8_6.2.x86_64
CVE-2022-25313 Moderate/Sec.  expat-2.2.5-8.el8_6.2.x86_64
CVE-2022-25314 Moderate/Sec.  expat-2.2.5-8.el8_6.2.x86_64
classification Moderate/Sec.  expat-2.2.5-8.el8_6.2.x86_64
RHSA-2022:5095 Important/Sec. grub2-common-1:2.02-123.el8_6.8.noarch
CVE-2021-3695  Important/Sec. grub2-common-1:2.02-123.el8_6.8.noarch
CVE-2021-3696  Important/Sec. grub2-common-1:2.02-123.el8_6.8.noarch
CVE-2021-3697  Important/Sec. grub2-common-1:2.02-123.el8_6.8.noarch
CVE-2022-28733 Important/Sec. grub2-common-1:2.02-123.el8_6.8.noarch
CVE-2022-28734 Important/Sec. grub2-common-1:2.02-123.el8_6.8.noarch
CVE-2022-28735 Important/Sec. grub2-common-1:2.02-123.el8_6.8.noarch
CVE-2022-28736 Important/Sec. grub2-common-1:2.02-123.el8_6.8.noarch
CVE-2022-28737 Important/Sec. grub2-common-1:2.02-123.el8_6.8.noarch
classification Important/Sec. grub2-common-1:2.02-123.el8_6.8.noarch
RHSA-2022:5095 Important/Sec. grub2-pc-1:2.02-123.el8_6.8.x86_64
CVE-2021-3695  Important/Sec. grub2-pc-1:2.02-123.el8_6.8.x86_64
CVE-2021-3696  Important/Sec. grub2-pc-1:2.02-123.el8_6.8.x86_64
CVE-2021-3697  Important/Sec. grub2-pc-1:2.02-123.el8_6.8.x86_64
CVE-2022-28733 Important/Sec. grub2-pc-1:2.02-123.el8_6.8.x86_64
CVE-2022-28734 Important/Sec. grub2-pc-1:2.02-123.el8_6.8.x86_64
CVE-2022-28735 Important/Sec. grub2-pc-1:2.02-123.el8_6.8.x86_64
CVE-2022-28736 Important/Sec. grub2-pc-1:2.02-123.el8_6.8.x86_64
CVE-2022-28737 Important/Sec. grub2-pc-1:2.02-123.el8_6.8.x86_64
classification Important/Sec. grub2-pc-1:2.02-123.el8_6.8.x86_64
RHSA-2022:5095 Important/Sec. grub2-pc-modules-1:2.02-123.el8_6.8.noarch
CVE-2021-3695  Important/Sec. grub2-pc-modules-1:2.02-123.el8_6.8.noarch
CVE-2021-3696  Important/Sec. grub2-pc-modules-1:2.02-123.el8_6.8.noarch
CVE-2021-3697  Important/Sec. grub2-pc-modules-1:2.02-123.el8_6.8.noarch
CVE-2022-28733 Important/Sec. grub2-pc-modules-1:2.02-123.el8_6.8.noarch
CVE-2022-28734 Important/Sec. grub2-pc-modules-1:2.02-123.el8_6.8.noarch
CVE-2022-28735 Important/Sec. grub2-pc-modules-1:2.02-123.el8_6.8.noarch
CVE-2022-28736 Important/Sec. grub2-pc-modules-1:2.02-123.el8_6.8.noarch
CVE-2022-28737 Important/Sec. grub2-pc-modules-1:2.02-123.el8_6.8.noarch
classification Important/Sec. grub2-pc-modules-1:2.02-123.el8_6.8.noarch
RHSA-2022:5095 Important/Sec. grub2-tools-1:2.02-123.el8_6.8.x86_64
CVE-2021-3695  Important/Sec. grub2-tools-1:2.02-123.el8_6.8.x86_64
CVE-2021-3696  Important/Sec. grub2-tools-1:2.02-123.el8_6.8.x86_64
CVE-2021-3697  Important/Sec. grub2-tools-1:2.02-123.el8_6.8.x86_64
CVE-2022-28733 Important/Sec. grub2-tools-1:2.02-123.el8_6.8.x86_64
CVE-2022-28734 Important/Sec. grub2-tools-1:2.02-123.el8_6.8.x86_64
CVE-2022-28735 Important/Sec. grub2-tools-1:2.02-123.el8_6.8.x86_64
CVE-2022-28736 Important/Sec. grub2-tools-1:2.02-123.el8_6.8.x86_64
CVE-2022-28737 Important/Sec. grub2-tools-1:2.02-123.el8_6.8.x86_64
classification Important/Sec. grub2-tools-1:2.02-123.el8_6.8.x86_64
RHSA-2022:5095 Important/Sec. grub2-tools-efi-1:2.02-123.el8_6.8.x86_64
CVE-2021-3695  Important/Sec. grub2-tools-efi-1:2.02-123.el8_6.8.x86_64
CVE-2021-3696  Important/Sec. grub2-tools-efi-1:2.02-123.el8_6.8.x86_64
CVE-2021-3697  Important/Sec. grub2-tools-efi-1:2.02-123.el8_6.8.x86_64
CVE-2022-28733 Important/Sec. grub2-tools-efi-1:2.02-123.el8_6.8.x86_64
CVE-2022-28734 Important/Sec. grub2-tools-efi-1:2.02-123.el8_6.8.x86_64
CVE-2022-28735 Important/Sec. grub2-tools-efi-1:2.02-123.el8_6.8.x86_64
CVE-2022-28736 Important/Sec. grub2-tools-efi-1:2.02-123.el8_6.8.x86_64
CVE-2022-28737 Important/Sec. grub2-tools-efi-1:2.02-123.el8_6.8.x86_64
classification Important/Sec. grub2-tools-efi-1:2.02-123.el8_6.8.x86_64
RHSA-2022:5095 Important/Sec. grub2-tools-extra-1:2.02-123.el8_6.8.x86_64
CVE-2021-3695  Important/Sec. grub2-tools-extra-1:2.02-123.el8_6.8.x86_64
CVE-2021-3696  Important/Sec. grub2-tools-extra-1:2.02-123.el8_6.8.x86_64
CVE-2021-3697  Important/Sec. grub2-tools-extra-1:2.02-123.el8_6.8.x86_64
CVE-2022-28733 Important/Sec. grub2-tools-extra-1:2.02-123.el8_6.8.x86_64
CVE-2022-28734 Important/Sec. grub2-tools-extra-1:2.02-123.el8_6.8.x86_64
CVE-2022-28735 Important/Sec. grub2-tools-extra-1:2.02-123.el8_6.8.x86_64
CVE-2022-28736 Important/Sec. grub2-tools-extra-1:2.02-123.el8_6.8.x86_64
CVE-2022-28737 Important/Sec. grub2-tools-extra-1:2.02-123.el8_6.8.x86_64
classification Important/Sec. grub2-tools-extra-1:2.02-123.el8_6.8.x86_64
RHSA-2022:5095 Important/Sec. grub2-tools-minimal-1:2.02-123.el8_6.8.x86_64
CVE-2021-3695  Important/Sec. grub2-tools-minimal-1:2.02-123.el8_6.8.x86_64
CVE-2021-3696  Important/Sec. grub2-tools-minimal-1:2.02-123.el8_6.8.x86_64
CVE-2021-3697  Important/Sec. grub2-tools-minimal-1:2.02-123.el8_6.8.x86_64
CVE-2022-28733 Important/Sec. grub2-tools-minimal-1:2.02-123.el8_6.8.x86_64
CVE-2022-28734 Important/Sec. grub2-tools-minimal-1:2.02-123.el8_6.8.x86_64
CVE-2022-28735 Important/Sec. grub2-tools-minimal-1:2.02-123.el8_6.8.x86_64
CVE-2022-28736 Important/Sec. grub2-tools-minimal-1:2.02-123.el8_6.8.x86_64
CVE-2022-28737 Important/Sec. grub2-tools-minimal-1:2.02-123.el8_6.8.x86_64
classification Important/Sec. grub2-tools-minimal-1:2.02-123.el8_6.8.x86_64
RHSA-2022:5163 Low/Sec.       httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64
CVE-2020-13950 Low/Sec.       httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64
classification Low/Sec.       httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64
RHSA-2022:5163 Low/Sec.       httpd-filesystem-2.4.37-47.module+el8.6.0+15654+427eba2e.2.noarch
CVE-2020-13950 Low/Sec.       httpd-filesystem-2.4.37-47.module+el8.6.0+15654+427eba2e.2.noarch
classification Low/Sec.       httpd-filesystem-2.4.37-47.module+el8.6.0+15654+427eba2e.2.noarch
RHSA-2022:5163 Low/Sec.       httpd-tools-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64
CVE-2020-13950 Low/Sec.       httpd-tools-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64
classification Low/Sec.       httpd-tools-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64
RHSA-2020:0981 Important/Sec. ipmitool-1.8.18-12.el8_1.x86_64
CVE-2020-5208  Important/Sec. ipmitool-1.8.18-12.el8_1.x86_64
classification Important/Sec. ipmitool-1.8.18-12.el8_1.x86_64
RHSA-2022:5696 Important/Sec. java-1.8.0-openjdk-1:1.8.0.342.b07-2.el8_6.x86_64
CVE-2022-21540 Important/Sec. java-1.8.0-openjdk-1:1.8.0.342.b07-2.el8_6.x86_64
CVE-2022-21541 Important/Sec. java-1.8.0-openjdk-1:1.8.0.342.b07-2.el8_6.x86_64
CVE-2022-34169 Important/Sec. java-1.8.0-openjdk-1:1.8.0.342.b07-2.el8_6.x86_64
classification Important/Sec. java-1.8.0-openjdk-1:1.8.0.342.b07-2.el8_6.x86_64
RHSA-2022:5696 Important/Sec. java-1.8.0-openjdk-headless-1:1.8.0.342.b07-2.el8_6.x86_64
CVE-2022-21540 Important/Sec. java-1.8.0-openjdk-headless-1:1.8.0.342.b07-2.el8_6.x86_64
CVE-2022-21541 Important/Sec. java-1.8.0-openjdk-headless-1:1.8.0.342.b07-2.el8_6.x86_64
CVE-2022-34169 Important/Sec. java-1.8.0-openjdk-headless-1:1.8.0.342.b07-2.el8_6.x86_64
classification Important/Sec. java-1.8.0-openjdk-headless-1:1.8.0.342.b07-2.el8_6.x86_64
RHSA-2022:5819 Important/Sec. kernel-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-1012  Important/Sec. kernel-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-32250 Important/Sec. kernel-4.18.0-372.19.1.el8_6.x86_64
classification Important/Sec. kernel-4.18.0-372.19.1.el8_6.x86_64
RHSA-2022:5819 Important/Sec. kernel-core-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-1012  Important/Sec. kernel-core-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-32250 Important/Sec. kernel-core-4.18.0-372.19.1.el8_6.x86_64
classification Important/Sec. kernel-core-4.18.0-372.19.1.el8_6.x86_64
RHSA-2022:5819 Important/Sec. kernel-debuginfo-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-1012  Important/Sec. kernel-debuginfo-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-32250 Important/Sec. kernel-debuginfo-4.18.0-372.19.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-4.18.0-372.19.1.el8_6.x86_64
RHSA-2022:5819 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-1012  Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-32250 Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.19.1.el8_6.x86_64
classification Important/Sec. kernel-debuginfo-common-x86_64-4.18.0-372.19.1.el8_6.x86_64
RHSA-2022:5819 Important/Sec. kernel-devel-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-1012  Important/Sec. kernel-devel-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-32250 Important/Sec. kernel-devel-4.18.0-372.19.1.el8_6.x86_64
classification Important/Sec. kernel-devel-4.18.0-372.19.1.el8_6.x86_64
RHSA-2022:5819 Important/Sec. kernel-headers-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-1012  Important/Sec. kernel-headers-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-32250 Important/Sec. kernel-headers-4.18.0-372.19.1.el8_6.x86_64
classification Important/Sec. kernel-headers-4.18.0-372.19.1.el8_6.x86_64
RHSA-2022:5819 Important/Sec. kernel-modules-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-1012  Important/Sec. kernel-modules-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-32250 Important/Sec. kernel-modules-4.18.0-372.19.1.el8_6.x86_64
classification Important/Sec. kernel-modules-4.18.0-372.19.1.el8_6.x86_64
RHSA-2022:5819 Important/Sec. kernel-modules-extra-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-1012  Important/Sec. kernel-modules-extra-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-32250 Important/Sec. kernel-modules-extra-4.18.0-372.19.1.el8_6.x86_64
classification Important/Sec. kernel-modules-extra-4.18.0-372.19.1.el8_6.x86_64
RHSA-2022:5819 Important/Sec. kernel-tools-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-1012  Important/Sec. kernel-tools-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-32250 Important/Sec. kernel-tools-4.18.0-372.19.1.el8_6.x86_64
classification Important/Sec. kernel-tools-4.18.0-372.19.1.el8_6.x86_64
RHSA-2022:5819 Important/Sec. kernel-tools-libs-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-1012  Important/Sec. kernel-tools-libs-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-32250 Important/Sec. kernel-tools-libs-4.18.0-372.19.1.el8_6.x86_64
classification Important/Sec. kernel-tools-libs-4.18.0-372.19.1.el8_6.x86_64
RHSA-2022:5313 Moderate/Sec.  libcurl-7.61.1-22.el8_6.3.x86_64
CVE-2022-22576 Moderate/Sec.  libcurl-7.61.1-22.el8_6.3.x86_64
CVE-2022-27774 Moderate/Sec.  libcurl-7.61.1-22.el8_6.3.x86_64
CVE-2022-27776 Moderate/Sec.  libcurl-7.61.1-22.el8_6.3.x86_64
CVE-2022-27782 Moderate/Sec.  libcurl-7.61.1-22.el8_6.3.x86_64
classification Moderate/Sec.  libcurl-7.61.1-22.el8_6.3.x86_64
RHSA-2022:6159 Moderate/Sec.  libcurl-7.61.1-22.el8_6.4.x86_64
CVE-2022-32206 Moderate/Sec.  libcurl-7.61.1-22.el8_6.4.x86_64
CVE-2022-32208 Moderate/Sec.  libcurl-7.61.1-22.el8_6.4.x86_64
classification Moderate/Sec.  libcurl-7.61.1-22.el8_6.4.x86_64
RHSA-2022:5311 Moderate/Sec.  libgcrypt-1.8.5-7.el8_6.x86_64
CVE-2021-40528 Moderate/Sec.  libgcrypt-1.8.5-7.el8_6.x86_64
classification Moderate/Sec.  libgcrypt-1.8.5-7.el8_6.x86_64
RHSA-2022:5331 Moderate/Sec.  libinput-1.16.3-3.el8_6.x86_64
CVE-2022-1215  Moderate/Sec.  libinput-1.16.3-3.el8_6.x86_64
classification Moderate/Sec.  libinput-1.16.3-3.el8_6.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-client-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-client-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-client-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-client-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-client-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-client-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-config-network-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-config-network-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-config-network-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-config-network-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-config-network-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-config-network-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-config-nwfilter-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-config-nwfilter-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-config-nwfilter-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-config-nwfilter-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-config-nwfilter-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-config-nwfilter-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-interface-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-interface-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-interface-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-interface-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-interface-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-interface-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-network-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-network-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-network-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-network-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-network-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-network-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-nodedev-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-nodedev-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-nodedev-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-nodedev-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-nodedev-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-nodedev-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-nwfilter-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-nwfilter-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-nwfilter-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-nwfilter-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-nwfilter-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-nwfilter-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-qemu-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-qemu-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-qemu-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-qemu-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-qemu-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-qemu-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-secret-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-secret-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-secret-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-secret-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-secret-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-secret-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-storage-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-storage-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-storage-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-storage-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-storage-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-storage-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-storage-core-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-storage-core-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-storage-core-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-storage-core-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-storage-core-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-storage-core-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-storage-disk-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-storage-disk-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-storage-disk-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-storage-disk-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-storage-disk-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-storage-disk-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-storage-gluster-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-storage-gluster-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-storage-gluster-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-storage-gluster-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-storage-gluster-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-storage-gluster-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-storage-iscsi-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-storage-iscsi-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-storage-iscsi-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-storage-iscsi-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-storage-iscsi-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-storage-iscsi-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-storage-iscsi-direct-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-storage-iscsi-direct-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-storage-iscsi-direct-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-storage-iscsi-direct-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-storage-iscsi-direct-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-storage-iscsi-direct-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-storage-logical-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-storage-logical-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-storage-logical-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-storage-logical-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-storage-logical-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-storage-logical-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-storage-mpath-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-storage-mpath-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-storage-mpath-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-storage-mpath-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-storage-mpath-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-storage-mpath-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-storage-rbd-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-storage-rbd-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-storage-rbd-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-storage-rbd-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-storage-rbd-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-storage-rbd-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-driver-storage-scsi-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-driver-storage-scsi-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-driver-storage-scsi-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-driver-storage-scsi-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-driver-storage-scsi-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-driver-storage-scsi-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-daemon-kvm-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-daemon-kvm-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-daemon-kvm-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-daemon-kvm-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-daemon-kvm-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-daemon-kvm-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5821 Moderate/Sec.  libvirt-libs-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4206  Moderate/Sec.  libvirt-libs-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2021-4207  Moderate/Sec.  libvirt-libs-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26353 Moderate/Sec.  libvirt-libs-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
CVE-2022-26354 Moderate/Sec.  libvirt-libs-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
classification Moderate/Sec.  libvirt-libs-8.0.0-5.2.module+el8.6.0+15256+3a0914fe.x86_64
RHSA-2022:5317 Moderate/Sec.  libxml2-2.9.7-13.el8_6.1.x86_64
CVE-2022-29824 Moderate/Sec.  libxml2-2.9.7-13.el8_6.1.x86_64
classification Moderate/Sec.  libxml2-2.9.7-13.el8_6.1.x86_64
RHSA-2022:5163 Low/Sec.       mod_session-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64
CVE-2020-13950 Low/Sec.       mod_session-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64
classification Low/Sec.       mod_session-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64
RHSA-2022:5163 Low/Sec.       mod_ssl-1:2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64
CVE-2020-13950 Low/Sec.       mod_ssl-1:2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64
classification Low/Sec.       mod_ssl-1:2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64
RHSA-2022:5095 Important/Sec. mokutil-1:0.3.0-11.el8_6.1.x86_64
CVE-2021-3695  Important/Sec. mokutil-1:0.3.0-11.el8_6.1.x86_64
CVE-2021-3696  Important/Sec. mokutil-1:0.3.0-11.el8_6.1.x86_64
CVE-2021-3697  Important/Sec. mokutil-1:0.3.0-11.el8_6.1.x86_64
CVE-2022-28733 Important/Sec. mokutil-1:0.3.0-11.el8_6.1.x86_64
CVE-2022-28734 Important/Sec. mokutil-1:0.3.0-11.el8_6.1.x86_64
CVE-2022-28735 Important/Sec. mokutil-1:0.3.0-11.el8_6.1.x86_64
CVE-2022-28736 Important/Sec. mokutil-1:0.3.0-11.el8_6.1.x86_64
CVE-2022-28737 Important/Sec. mokutil-1:0.3.0-11.el8_6.1.x86_64
classification Important/Sec. mokutil-1:0.3.0-11.el8_6.1.x86_64
RHSA-2022:5818 Moderate/Sec.  openssl-1:1.1.1k-7.el8_6.x86_64
CVE-2022-1292  Moderate/Sec.  openssl-1:1.1.1k-7.el8_6.x86_64
CVE-2022-2068  Moderate/Sec.  openssl-1:1.1.1k-7.el8_6.x86_64
CVE-2022-2097  Moderate/Sec.  openssl-1:1.1.1k-7.el8_6.x86_64
classification Moderate/Sec.  openssl-1:1.1.1k-7.el8_6.x86_64
RHSA-2022:5818 Moderate/Sec.  openssl-devel-1:1.1.1k-7.el8_6.x86_64
CVE-2022-1292  Moderate/Sec.  openssl-devel-1:1.1.1k-7.el8_6.x86_64
CVE-2022-2068  Moderate/Sec.  openssl-devel-1:1.1.1k-7.el8_6.x86_64
CVE-2022-2097  Moderate/Sec.  openssl-devel-1:1.1.1k-7.el8_6.x86_64
classification Moderate/Sec.  openssl-devel-1:1.1.1k-7.el8_6.x86_64
RHSA-2022:5818 Moderate/Sec.  openssl-libs-1:1.1.1k-7.el8_6.x86_64
CVE-2022-1292  Moderate/Sec.  openssl-libs-1:1.1.1k-7.el8_6.x86_64
CVE-2022-2068  Moderate/Sec.  openssl-libs-1:1.1.1k-7.el8_6.x86_64
CVE-2022-2097  Moderate/Sec.  openssl-libs-1:1.1.1k-7.el8_6.x86_64
classification Moderate/Sec.  openssl-libs-1:1.1.1k-7.el8_6.x86_64
RHSA-2022:5809 Moderate/Sec.  pcre2-10.32-3.el8_6.x86_64
CVE-2022-1586  Moderate/Sec.  pcre2-10.32-3.el8_6.x86_64
classification Moderate/Sec.  pcre2-10.32-3.el8_6.x86_64
ref_0          Moderate/Sec.  pcre2-10.32-3.el8_6.x86_64
RHSA-2022:5809 Moderate/Sec.  pcre2-devel-10.32-3.el8_6.x86_64
CVE-2022-1586  Moderate/Sec.  pcre2-devel-10.32-3.el8_6.x86_64
classification Moderate/Sec.  pcre2-devel-10.32-3.el8_6.x86_64
ref_0          Moderate/Sec.  pcre2-devel-10.32-3.el8_6.x86_64
RHSA-2022:5809 Moderate/Sec.  pcre2-utf16-10.32-3.el8_6.x86_64
CVE-2022-1586  Moderate/Sec.  pcre2-utf16-10.32-3.el8_6.x86_64
classification Moderate/Sec.  pcre2-utf16-10.32-3.el8_6.x86_64
ref_0          Moderate/Sec.  pcre2-utf16-10.32-3.el8_6.x86_64
RHSA-2022:5809 Moderate/Sec.  pcre2-utf32-10.32-3.el8_6.x86_64
CVE-2022-1586  Moderate/Sec.  pcre2-utf32-10.32-3.el8_6.x86_64
classification Moderate/Sec.  pcre2-utf32-10.32-3.el8_6.x86_64
ref_0          Moderate/Sec.  pcre2-utf32-10.32-3.el8_6.x86_64
RHSA-2022:5819 Important/Sec. perf-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-1012  Important/Sec. perf-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-32250 Important/Sec. perf-4.18.0-372.19.1.el8_6.x86_64
classification Important/Sec. perf-4.18.0-372.19.1.el8_6.x86_64
RHSA-2022:5317 Moderate/Sec.  python3-libxml2-2.9.7-13.el8_6.1.x86_64
CVE-2022-29824 Moderate/Sec.  python3-libxml2-2.9.7-13.el8_6.1.x86_64
classification Moderate/Sec.  python3-libxml2-2.9.7-13.el8_6.1.x86_64
RHSA-2022:5819 Important/Sec. python3-perf-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-1012  Important/Sec. python3-perf-4.18.0-372.19.1.el8_6.x86_64
CVE-2022-32250 Important/Sec. python3-perf-4.18.0-372.19.1.el8_6.x86_64
classification Important/Sec. python3-perf-4.18.0-372.19.1.el8_6.x86_64
RHSA-2022:5821 Moderate/Sec.  qemu-img-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4206  Moderate/Sec.  qemu-img-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4207  Moderate/Sec.  qemu-img-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26353 Moderate/Sec.  qemu-img-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26354 Moderate/Sec.  qemu-img-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
classification Moderate/Sec.  qemu-img-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
RHSA-2022:5821 Moderate/Sec.  qemu-kvm-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4206  Moderate/Sec.  qemu-kvm-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4207  Moderate/Sec.  qemu-kvm-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26353 Moderate/Sec.  qemu-kvm-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26354 Moderate/Sec.  qemu-kvm-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
classification Moderate/Sec.  qemu-kvm-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
RHSA-2022:5821 Moderate/Sec.  qemu-kvm-block-curl-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4206  Moderate/Sec.  qemu-kvm-block-curl-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4207  Moderate/Sec.  qemu-kvm-block-curl-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26353 Moderate/Sec.  qemu-kvm-block-curl-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26354 Moderate/Sec.  qemu-kvm-block-curl-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
classification Moderate/Sec.  qemu-kvm-block-curl-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
RHSA-2022:5821 Moderate/Sec.  qemu-kvm-block-gluster-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4206  Moderate/Sec.  qemu-kvm-block-gluster-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4207  Moderate/Sec.  qemu-kvm-block-gluster-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26353 Moderate/Sec.  qemu-kvm-block-gluster-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26354 Moderate/Sec.  qemu-kvm-block-gluster-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
classification Moderate/Sec.  qemu-kvm-block-gluster-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
RHSA-2022:5821 Moderate/Sec.  qemu-kvm-block-iscsi-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4206  Moderate/Sec.  qemu-kvm-block-iscsi-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4207  Moderate/Sec.  qemu-kvm-block-iscsi-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26353 Moderate/Sec.  qemu-kvm-block-iscsi-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26354 Moderate/Sec.  qemu-kvm-block-iscsi-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
classification Moderate/Sec.  qemu-kvm-block-iscsi-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
RHSA-2022:5821 Moderate/Sec.  qemu-kvm-block-rbd-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4206  Moderate/Sec.  qemu-kvm-block-rbd-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4207  Moderate/Sec.  qemu-kvm-block-rbd-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26353 Moderate/Sec.  qemu-kvm-block-rbd-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26354 Moderate/Sec.  qemu-kvm-block-rbd-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
classification Moderate/Sec.  qemu-kvm-block-rbd-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
RHSA-2022:5821 Moderate/Sec.  qemu-kvm-block-ssh-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4206  Moderate/Sec.  qemu-kvm-block-ssh-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4207  Moderate/Sec.  qemu-kvm-block-ssh-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26353 Moderate/Sec.  qemu-kvm-block-ssh-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26354 Moderate/Sec.  qemu-kvm-block-ssh-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
classification Moderate/Sec.  qemu-kvm-block-ssh-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
RHSA-2022:5821 Moderate/Sec.  qemu-kvm-common-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4206  Moderate/Sec.  qemu-kvm-common-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4207  Moderate/Sec.  qemu-kvm-common-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26353 Moderate/Sec.  qemu-kvm-common-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26354 Moderate/Sec.  qemu-kvm-common-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
classification Moderate/Sec.  qemu-kvm-common-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
RHSA-2022:5821 Moderate/Sec.  qemu-kvm-core-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4206  Moderate/Sec.  qemu-kvm-core-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4207  Moderate/Sec.  qemu-kvm-core-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26353 Moderate/Sec.  qemu-kvm-core-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26354 Moderate/Sec.  qemu-kvm-core-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
classification Moderate/Sec.  qemu-kvm-core-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
RHSA-2022:5821 Moderate/Sec.  qemu-kvm-docs-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4206  Moderate/Sec.  qemu-kvm-docs-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4207  Moderate/Sec.  qemu-kvm-docs-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26353 Moderate/Sec.  qemu-kvm-docs-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26354 Moderate/Sec.  qemu-kvm-docs-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
classification Moderate/Sec.  qemu-kvm-docs-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
RHSA-2022:5821 Moderate/Sec.  qemu-kvm-hw-usbredir-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4206  Moderate/Sec.  qemu-kvm-hw-usbredir-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4207  Moderate/Sec.  qemu-kvm-hw-usbredir-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26353 Moderate/Sec.  qemu-kvm-hw-usbredir-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26354 Moderate/Sec.  qemu-kvm-hw-usbredir-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
classification Moderate/Sec.  qemu-kvm-hw-usbredir-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
RHSA-2022:5821 Moderate/Sec.  qemu-kvm-ui-opengl-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4206  Moderate/Sec.  qemu-kvm-ui-opengl-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4207  Moderate/Sec.  qemu-kvm-ui-opengl-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26353 Moderate/Sec.  qemu-kvm-ui-opengl-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26354 Moderate/Sec.  qemu-kvm-ui-opengl-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
classification Moderate/Sec.  qemu-kvm-ui-opengl-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
RHSA-2022:5821 Moderate/Sec.  qemu-kvm-ui-spice-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4206  Moderate/Sec.  qemu-kvm-ui-spice-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2021-4207  Moderate/Sec.  qemu-kvm-ui-spice-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26353 Moderate/Sec.  qemu-kvm-ui-spice-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
CVE-2022-26354 Moderate/Sec.  qemu-kvm-ui-spice-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
classification Moderate/Sec.  qemu-kvm-ui-spice-15:6.2.0-11.module+el8.6.0+15668+464a1f31.2.x86_64
RHSA-2022:6180 Important/Sec. rsync-3.1.3-14.el8_6.3.x86_64
CVE-2022-29154 Important/Sec. rsync-3.1.3-14.el8_6.3.x86_64
classification Important/Sec. rsync-3.1.3-14.el8_6.3.x86_64
RHSA-2022:6180 Important/Sec. rsync-daemon-3.1.3-14.el8_6.3.noarch
CVE-2022-29154 Important/Sec. rsync-daemon-3.1.3-14.el8_6.3.noarch
classification Important/Sec. rsync-daemon-3.1.3-14.el8_6.3.noarch
RHSA-2022:5779 Moderate/Sec.  ruby-libs-2.5.9-110.module+el8.6.0+15956+aa803fc1.x86_64
CVE-2021-41817 Moderate/Sec.  ruby-libs-2.5.9-110.module+el8.6.0+15956+aa803fc1.x86_64
CVE-2021-41819 Moderate/Sec.  ruby-libs-2.5.9-110.module+el8.6.0+15956+aa803fc1.x86_64
classification Moderate/Sec.  ruby-libs-2.5.9-110.module+el8.6.0+15956+aa803fc1.x86_64
RHSA-2022:6206 Important/Sec. systemd-239-58.el8_6.4.x86_64
CVE-2022-2526  Important/Sec. systemd-239-58.el8_6.4.x86_64
classification Important/Sec. systemd-239-58.el8_6.4.x86_64
RHSA-2022:6206 Important/Sec. systemd-container-239-58.el8_6.4.x86_64
CVE-2022-2526  Important/Sec. systemd-container-239-58.el8_6.4.x86_64
classification Important/Sec. systemd-container-239-58.el8_6.4.x86_64
RHSA-2022:6206 Important/Sec. systemd-libs-239-58.el8_6.4.x86_64
CVE-2022-2526  Important/Sec. systemd-libs-239-58.el8_6.4.x86_64
classification Important/Sec. systemd-libs-239-58.el8_6.4.x86_64
RHSA-2022:6206 Important/Sec. systemd-pam-239-58.el8_6.4.x86_64
CVE-2022-2526  Important/Sec. systemd-pam-239-58.el8_6.4.x86_64
classification Important/Sec. systemd-pam-239-58.el8_6.4.x86_64
RHSA-2022:6206 Important/Sec. systemd-udev-239-58.el8_6.4.x86_64
CVE-2022-2526  Important/Sec. systemd-udev-239-58.el8_6.4.x86_64
classification Important/Sec. systemd-udev-239-58.el8_6.4.x86_64
RHSA-2022:5319 Moderate/Sec.  vim-common-2:8.0.1763-19.el8_6.2.x86_64
CVE-2022-1621  Moderate/Sec.  vim-common-2:8.0.1763-19.el8_6.2.x86_64
CVE-2022-1629  Moderate/Sec.  vim-common-2:8.0.1763-19.el8_6.2.x86_64
classification Moderate/Sec.  vim-common-2:8.0.1763-19.el8_6.2.x86_64
RHSA-2022:5813 Moderate/Sec.  vim-common-2:8.0.1763-19.el8_6.4.x86_64
CVE-2022-1785  Moderate/Sec.  vim-common-2:8.0.1763-19.el8_6.4.x86_64
CVE-2022-1897  Moderate/Sec.  vim-common-2:8.0.1763-19.el8_6.4.x86_64
CVE-2022-1927  Moderate/Sec.  vim-common-2:8.0.1763-19.el8_6.4.x86_64
classification Moderate/Sec.  vim-common-2:8.0.1763-19.el8_6.4.x86_64
RHSA-2022:5319 Moderate/Sec.  vim-enhanced-2:8.0.1763-19.el8_6.2.x86_64
CVE-2022-1621  Moderate/Sec.  vim-enhanced-2:8.0.1763-19.el8_6.2.x86_64
CVE-2022-1629  Moderate/Sec.  vim-enhanced-2:8.0.1763-19.el8_6.2.x86_64
classification Moderate/Sec.  vim-enhanced-2:8.0.1763-19.el8_6.2.x86_64
RHSA-2022:5813 Moderate/Sec.  vim-enhanced-2:8.0.1763-19.el8_6.4.x86_64
CVE-2022-1785  Moderate/Sec.  vim-enhanced-2:8.0.1763-19.el8_6.4.x86_64
CVE-2022-1897  Moderate/Sec.  vim-enhanced-2:8.0.1763-19.el8_6.4.x86_64
CVE-2022-1927  Moderate/Sec.  vim-enhanced-2:8.0.1763-19.el8_6.4.x86_64
classification Moderate/Sec.  vim-enhanced-2:8.0.1763-19.el8_6.4.x86_64
RHSA-2022:5319 Moderate/Sec.  vim-filesystem-2:8.0.1763-19.el8_6.2.noarch
CVE-2022-1621  Moderate/Sec.  vim-filesystem-2:8.0.1763-19.el8_6.2.noarch
CVE-2022-1629  Moderate/Sec.  vim-filesystem-2:8.0.1763-19.el8_6.2.noarch
classification Moderate/Sec.  vim-filesystem-2:8.0.1763-19.el8_6.2.noarch
RHSA-2022:5813 Moderate/Sec.  vim-filesystem-2:8.0.1763-19.el8_6.4.noarch
CVE-2022-1785  Moderate/Sec.  vim-filesystem-2:8.0.1763-19.el8_6.4.noarch
CVE-2022-1897  Moderate/Sec.  vim-filesystem-2:8.0.1763-19.el8_6.4.noarch
CVE-2022-1927  Moderate/Sec.  vim-filesystem-2:8.0.1763-19.el8_6.4.noarch
classification Moderate/Sec.  vim-filesystem-2:8.0.1763-19.el8_6.4.noarch
RHSA-2022:5319 Moderate/Sec.  vim-minimal-2:8.0.1763-19.el8_6.2.x86_64
CVE-2022-1621  Moderate/Sec.  vim-minimal-2:8.0.1763-19.el8_6.2.x86_64
CVE-2022-1629  Moderate/Sec.  vim-minimal-2:8.0.1763-19.el8_6.2.x86_64
classification Moderate/Sec.  vim-minimal-2:8.0.1763-19.el8_6.2.x86_64
RHSA-2022:5813 Moderate/Sec.  vim-minimal-2:8.0.1763-19.el8_6.4.x86_64
CVE-2022-1785  Moderate/Sec.  vim-minimal-2:8.0.1763-19.el8_6.4.x86_64
CVE-2022-1897  Moderate/Sec.  vim-minimal-2:8.0.1763-19.el8_6.4.x86_64
CVE-2022-1927  Moderate/Sec.  vim-minimal-2:8.0.1763-19.el8_6.4.x86_64
classification Moderate/Sec.  vim-minimal-2:8.0.1763-19.el8_6.4.x86_64