RHSA-2009:0457 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: libwmf security update

Type/Severity

Security Advisory: Moderate

Topic

Updated libwmf packages that fix one security issue are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

libwmf is a library for reading and converting Windows Metafile Format
(WMF) vector graphics. libwmf is used by applications such as GIMP and
ImageMagick.

A pointer use-after-free flaw was found in the GD graphics library embedded
in libwmf. An attacker could create a specially-crafted WMF file that would
cause an application using libwmf to crash or, potentially, execute
arbitrary code as the user running the application when opened by a victim.
(CVE-2009-1364)

Note: This flaw is specific to the GD graphics library embedded in libwmf.
It does not affect the GD graphics library from the "gd" packages, or
applications using it.

Red Hat would like to thank Tavis Ormandy of the Google Security Team for
responsibly reporting this flaw.

All users of libwmf are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, all applications using libwmf must be restarted for the update
to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server - Extended Update Support 5.3 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.3 ia64
Red Hat Enterprise Linux Server - Extended Update Support 5.3 i386
Red Hat Enterprise Linux Server - Extended Update Support 4.7 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.7 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.7 i386
Red Hat Enterprise Linux Server - AUS 5.3 ia64
Red Hat Enterprise Linux Server - AUS 5.3 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386
Red Hat Enterprise Linux Server - AUS 5.3 x86_64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3 ppc

Fixes

BZ - 496864 - EMBARGOED CVE-2009-1364 libwmf: embedded gd use-after-free error

CVEs

CVE-2009-1364

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
libwmf-0.2.8.4-10.2.src.rpm	SHA-256: e0ccc031af52419b6c69b560efdc590e8ad6ef179a9107284a88125376108a81
x86_64
libwmf-0.2.8.4-10.2.i386.rpm	SHA-256: 710e462ddaf6710dee4b5a3880649e9103be20262eea83508b081f81c82a3cb1
libwmf-0.2.8.4-10.2.x86_64.rpm	SHA-256: fd12bad0e8400a3f20ca9c441399726252fe1aed9553f5dcdc086e71aa2307d5
libwmf-devel-0.2.8.4-10.2.i386.rpm	SHA-256: 57ae4cf46f439b15dd5b5ff2318b35f7f7a9b7fd7fd3285ccb8c162a43b69536
libwmf-devel-0.2.8.4-10.2.x86_64.rpm	SHA-256: ca638c7bce32dc743ca3f74de4cc857f0acdc4d94482edbe8c32362a39bac96b
ia64
libwmf-0.2.8.4-10.2.ia64.rpm	SHA-256: 4ef9db624f6e3370393ef2c102a15bcff1efea753b9fa92a1be1aad01097c329
libwmf-devel-0.2.8.4-10.2.ia64.rpm	SHA-256: 2e3eb410280c8de7de5d38ad5dde753f4cad2ac97b743cfcef997d16e6cfe33a
i386
libwmf-0.2.8.4-10.2.i386.rpm	SHA-256: 710e462ddaf6710dee4b5a3880649e9103be20262eea83508b081f81c82a3cb1
libwmf-devel-0.2.8.4-10.2.i386.rpm	SHA-256: 57ae4cf46f439b15dd5b5ff2318b35f7f7a9b7fd7fd3285ccb8c162a43b69536

Red Hat Enterprise Linux Server 4

SRPM
libwmf-0.2.8.3-5.8.src.rpm	SHA-256: 675779b70cabdc13650ed0faedc015ca29c0000fe97cb8a1f67808c7401426f2
x86_64
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-0.2.8.3-5.8.x86_64.rpm	SHA-256: a6918d8bb5e014f83528cb0b55577f25f57f9183e9619b74254ad5cf7e9c77e1
libwmf-0.2.8.3-5.8.x86_64.rpm	SHA-256: a6918d8bb5e014f83528cb0b55577f25f57f9183e9619b74254ad5cf7e9c77e1
libwmf-devel-0.2.8.3-5.8.x86_64.rpm	SHA-256: 1d6e0dce6fadd921d79aade381a4a2a43a06cc7f385d97bbbfba6314185346a0
libwmf-devel-0.2.8.3-5.8.x86_64.rpm	SHA-256: 1d6e0dce6fadd921d79aade381a4a2a43a06cc7f385d97bbbfba6314185346a0
ia64
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-0.2.8.3-5.8.ia64.rpm	SHA-256: 43724841df11e47c23a26e8e969751f55ba653e2cabc40c78f3433e3233e986e
libwmf-0.2.8.3-5.8.ia64.rpm	SHA-256: 43724841df11e47c23a26e8e969751f55ba653e2cabc40c78f3433e3233e986e
libwmf-devel-0.2.8.3-5.8.ia64.rpm	SHA-256: 9feb93d8375bb5e87ad6c9e2706924fce1a1821fa9ec8e60a07acbab309e7fa8
libwmf-devel-0.2.8.3-5.8.ia64.rpm	SHA-256: 9feb93d8375bb5e87ad6c9e2706924fce1a1821fa9ec8e60a07acbab309e7fa8
i386
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-devel-0.2.8.3-5.8.i386.rpm	SHA-256: 9bf60dfeed95a74a62fb0588af0ad0268f4f567c17cf118cb174e5be53aa6d58
libwmf-devel-0.2.8.3-5.8.i386.rpm	SHA-256: 9bf60dfeed95a74a62fb0588af0ad0268f4f567c17cf118cb174e5be53aa6d58

Red Hat Enterprise Linux Server - Extended Update Support 4.7

SRPM
libwmf-0.2.8.3-5.8.src.rpm	SHA-256: 675779b70cabdc13650ed0faedc015ca29c0000fe97cb8a1f67808c7401426f2
x86_64
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-0.2.8.3-5.8.x86_64.rpm	SHA-256: a6918d8bb5e014f83528cb0b55577f25f57f9183e9619b74254ad5cf7e9c77e1
libwmf-0.2.8.3-5.8.x86_64.rpm	SHA-256: a6918d8bb5e014f83528cb0b55577f25f57f9183e9619b74254ad5cf7e9c77e1
libwmf-devel-0.2.8.3-5.8.x86_64.rpm	SHA-256: 1d6e0dce6fadd921d79aade381a4a2a43a06cc7f385d97bbbfba6314185346a0
libwmf-devel-0.2.8.3-5.8.x86_64.rpm	SHA-256: 1d6e0dce6fadd921d79aade381a4a2a43a06cc7f385d97bbbfba6314185346a0
ia64
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-0.2.8.3-5.8.ia64.rpm	SHA-256: 43724841df11e47c23a26e8e969751f55ba653e2cabc40c78f3433e3233e986e
libwmf-0.2.8.3-5.8.ia64.rpm	SHA-256: 43724841df11e47c23a26e8e969751f55ba653e2cabc40c78f3433e3233e986e
libwmf-devel-0.2.8.3-5.8.ia64.rpm	SHA-256: 9feb93d8375bb5e87ad6c9e2706924fce1a1821fa9ec8e60a07acbab309e7fa8
libwmf-devel-0.2.8.3-5.8.ia64.rpm	SHA-256: 9feb93d8375bb5e87ad6c9e2706924fce1a1821fa9ec8e60a07acbab309e7fa8
i386
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-devel-0.2.8.3-5.8.i386.rpm	SHA-256: 9bf60dfeed95a74a62fb0588af0ad0268f4f567c17cf118cb174e5be53aa6d58
libwmf-devel-0.2.8.3-5.8.i386.rpm	SHA-256: 9bf60dfeed95a74a62fb0588af0ad0268f4f567c17cf118cb174e5be53aa6d58

Red Hat Enterprise Linux Workstation 5

SRPM
libwmf-0.2.8.4-10.2.src.rpm	SHA-256: e0ccc031af52419b6c69b560efdc590e8ad6ef179a9107284a88125376108a81
x86_64
libwmf-0.2.8.4-10.2.i386.rpm	SHA-256: 710e462ddaf6710dee4b5a3880649e9103be20262eea83508b081f81c82a3cb1
libwmf-0.2.8.4-10.2.x86_64.rpm	SHA-256: fd12bad0e8400a3f20ca9c441399726252fe1aed9553f5dcdc086e71aa2307d5
libwmf-devel-0.2.8.4-10.2.i386.rpm	SHA-256: 57ae4cf46f439b15dd5b5ff2318b35f7f7a9b7fd7fd3285ccb8c162a43b69536
libwmf-devel-0.2.8.4-10.2.x86_64.rpm	SHA-256: ca638c7bce32dc743ca3f74de4cc857f0acdc4d94482edbe8c32362a39bac96b
i386
libwmf-0.2.8.4-10.2.i386.rpm	SHA-256: 710e462ddaf6710dee4b5a3880649e9103be20262eea83508b081f81c82a3cb1
libwmf-devel-0.2.8.4-10.2.i386.rpm	SHA-256: 57ae4cf46f439b15dd5b5ff2318b35f7f7a9b7fd7fd3285ccb8c162a43b69536

Red Hat Enterprise Linux Workstation 4

SRPM
libwmf-0.2.8.3-5.8.src.rpm	SHA-256: 675779b70cabdc13650ed0faedc015ca29c0000fe97cb8a1f67808c7401426f2
x86_64
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-0.2.8.3-5.8.x86_64.rpm	SHA-256: a6918d8bb5e014f83528cb0b55577f25f57f9183e9619b74254ad5cf7e9c77e1
libwmf-devel-0.2.8.3-5.8.x86_64.rpm	SHA-256: 1d6e0dce6fadd921d79aade381a4a2a43a06cc7f385d97bbbfba6314185346a0
ia64
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-0.2.8.3-5.8.ia64.rpm	SHA-256: 43724841df11e47c23a26e8e969751f55ba653e2cabc40c78f3433e3233e986e
libwmf-devel-0.2.8.3-5.8.ia64.rpm	SHA-256: 9feb93d8375bb5e87ad6c9e2706924fce1a1821fa9ec8e60a07acbab309e7fa8
i386
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-devel-0.2.8.3-5.8.i386.rpm	SHA-256: 9bf60dfeed95a74a62fb0588af0ad0268f4f567c17cf118cb174e5be53aa6d58

Red Hat Enterprise Linux Desktop 5

SRPM
libwmf-0.2.8.4-10.2.src.rpm	SHA-256: e0ccc031af52419b6c69b560efdc590e8ad6ef179a9107284a88125376108a81
x86_64
libwmf-0.2.8.4-10.2.i386.rpm	SHA-256: 710e462ddaf6710dee4b5a3880649e9103be20262eea83508b081f81c82a3cb1
libwmf-0.2.8.4-10.2.x86_64.rpm	SHA-256: fd12bad0e8400a3f20ca9c441399726252fe1aed9553f5dcdc086e71aa2307d5
i386
libwmf-0.2.8.4-10.2.i386.rpm	SHA-256: 710e462ddaf6710dee4b5a3880649e9103be20262eea83508b081f81c82a3cb1

Red Hat Enterprise Linux Desktop 4

SRPM
libwmf-0.2.8.3-5.8.src.rpm	SHA-256: 675779b70cabdc13650ed0faedc015ca29c0000fe97cb8a1f67808c7401426f2
x86_64
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-0.2.8.3-5.8.x86_64.rpm	SHA-256: a6918d8bb5e014f83528cb0b55577f25f57f9183e9619b74254ad5cf7e9c77e1
libwmf-devel-0.2.8.3-5.8.x86_64.rpm	SHA-256: 1d6e0dce6fadd921d79aade381a4a2a43a06cc7f385d97bbbfba6314185346a0
i386
libwmf-0.2.8.3-5.8.i386.rpm	SHA-256: b997772592ca18c33da5a011eec6aedfc141ee171d082c34fd4d7f7b7bbd4ee1
libwmf-devel-0.2.8.3-5.8.i386.rpm	SHA-256: 9bf60dfeed95a74a62fb0588af0ad0268f4f567c17cf118cb174e5be53aa6d58

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
libwmf-0.2.8.4-10.2.src.rpm	SHA-256: e0ccc031af52419b6c69b560efdc590e8ad6ef179a9107284a88125376108a81
s390x
libwmf-0.2.8.4-10.2.s390.rpm	SHA-256: 4adeaf500d2ddb94b2f1a1d016dea7e7cdf90a9884a38e6fed2c965635ea54e8
libwmf-0.2.8.4-10.2.s390x.rpm	SHA-256: 90fb00ba1ddb4ef09addeb1c348998dbc0c48e20a8ed05a4f13a07d2813e118b
libwmf-devel-0.2.8.4-10.2.s390.rpm	SHA-256: 6a013d5380bf483474244d2651d3ef4e2192dc22a8f08e22541620418d28ce60
libwmf-devel-0.2.8.4-10.2.s390x.rpm	SHA-256: 4f10dabc0a4cfd54ac5fdd18370cea9f2743fb4299a5114cf96608ac37d1b645

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
libwmf-0.2.8.3-5.8.src.rpm	SHA-256: 675779b70cabdc13650ed0faedc015ca29c0000fe97cb8a1f67808c7401426f2
s390x
libwmf-0.2.8.3-5.8.s390.rpm	SHA-256: 39214c9ed19ee68b0afba0dbe2db829ac115b26519f5c2c9e16039ec30a5bf6a
libwmf-0.2.8.3-5.8.s390x.rpm	SHA-256: 76e01478fa78fe667b44ccf17c3c5a5c8058ac172aec66a5bf62474380e8f989
libwmf-devel-0.2.8.3-5.8.s390x.rpm	SHA-256: 99fddac068ed2d67f3f77b8516529cebe42d9011870641d3a7e518b43f51612d
s390
libwmf-0.2.8.3-5.8.s390.rpm	SHA-256: 39214c9ed19ee68b0afba0dbe2db829ac115b26519f5c2c9e16039ec30a5bf6a
libwmf-devel-0.2.8.3-5.8.s390.rpm	SHA-256: a5da517b46723fe9d61c32bc6ac71efc04db4e858315efbb3134995d19755057

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7

SRPM
libwmf-0.2.8.3-5.8.src.rpm	SHA-256: 675779b70cabdc13650ed0faedc015ca29c0000fe97cb8a1f67808c7401426f2
s390x
libwmf-0.2.8.3-5.8.s390.rpm	SHA-256: 39214c9ed19ee68b0afba0dbe2db829ac115b26519f5c2c9e16039ec30a5bf6a
libwmf-0.2.8.3-5.8.s390x.rpm	SHA-256: 76e01478fa78fe667b44ccf17c3c5a5c8058ac172aec66a5bf62474380e8f989
libwmf-devel-0.2.8.3-5.8.s390x.rpm	SHA-256: 99fddac068ed2d67f3f77b8516529cebe42d9011870641d3a7e518b43f51612d
s390
libwmf-0.2.8.3-5.8.s390.rpm	SHA-256: 39214c9ed19ee68b0afba0dbe2db829ac115b26519f5c2c9e16039ec30a5bf6a
libwmf-devel-0.2.8.3-5.8.s390.rpm	SHA-256: a5da517b46723fe9d61c32bc6ac71efc04db4e858315efbb3134995d19755057

Red Hat Enterprise Linux for Power, big endian 5

SRPM
libwmf-0.2.8.4-10.2.src.rpm	SHA-256: e0ccc031af52419b6c69b560efdc590e8ad6ef179a9107284a88125376108a81
ppc
libwmf-0.2.8.4-10.2.ppc.rpm	SHA-256: 8febfba11d4acf10aee4700d53a836faa0aa3e0701557bc2a79987acfe9580cc
libwmf-0.2.8.4-10.2.ppc64.rpm	SHA-256: 573558d9537c420a593d69cc38fa610874f63360ed337ed0ecdb4c7ce15dd2b7
libwmf-devel-0.2.8.4-10.2.ppc.rpm	SHA-256: 72cbb1cc1ce15c9320d16728cefb1ffae00393269d2745063f2ba8228cd308e5
libwmf-devel-0.2.8.4-10.2.ppc64.rpm	SHA-256: 9926281095549e2e283737db01250f722c0a9b8bd25ef5a70f7e84b4cca1b443

Red Hat Enterprise Linux for Power, big endian 4

SRPM
libwmf-0.2.8.3-5.8.src.rpm	SHA-256: 675779b70cabdc13650ed0faedc015ca29c0000fe97cb8a1f67808c7401426f2
ppc
libwmf-0.2.8.3-5.8.ppc.rpm	SHA-256: a9c9da69ca996966e5fdb699bd787a7915fe107e974257615f5eb1fa5c10ad94
libwmf-0.2.8.3-5.8.ppc64.rpm	SHA-256: e3404e2129c46613ede5ee35736846c8cc39b515b5cecf6e3be80770f91fdfa2
libwmf-devel-0.2.8.3-5.8.ppc.rpm	SHA-256: 9b970dbc7a7ad4bc477d3115b10b9b4a23f7b3b803508f4e90e012b939ad8937

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7

SRPM
libwmf-0.2.8.3-5.8.src.rpm	SHA-256: 675779b70cabdc13650ed0faedc015ca29c0000fe97cb8a1f67808c7401426f2
ppc
libwmf-0.2.8.3-5.8.ppc.rpm	SHA-256: a9c9da69ca996966e5fdb699bd787a7915fe107e974257615f5eb1fa5c10ad94
libwmf-0.2.8.3-5.8.ppc64.rpm	SHA-256: e3404e2129c46613ede5ee35736846c8cc39b515b5cecf6e3be80770f91fdfa2
libwmf-devel-0.2.8.3-5.8.ppc.rpm	SHA-256: 9b970dbc7a7ad4bc477d3115b10b9b4a23f7b3b803508f4e90e012b939ad8937

Red Hat Enterprise Linux Server from RHUI 5

SRPM
libwmf-0.2.8.4-10.2.src.rpm	SHA-256: e0ccc031af52419b6c69b560efdc590e8ad6ef179a9107284a88125376108a81
x86_64
libwmf-0.2.8.4-10.2.i386.rpm	SHA-256: 710e462ddaf6710dee4b5a3880649e9103be20262eea83508b081f81c82a3cb1
libwmf-0.2.8.4-10.2.x86_64.rpm	SHA-256: fd12bad0e8400a3f20ca9c441399726252fe1aed9553f5dcdc086e71aa2307d5
libwmf-devel-0.2.8.4-10.2.i386.rpm	SHA-256: 57ae4cf46f439b15dd5b5ff2318b35f7f7a9b7fd7fd3285ccb8c162a43b69536
libwmf-devel-0.2.8.4-10.2.x86_64.rpm	SHA-256: ca638c7bce32dc743ca3f74de4cc857f0acdc4d94482edbe8c32362a39bac96b
i386
libwmf-0.2.8.4-10.2.i386.rpm	SHA-256: 710e462ddaf6710dee4b5a3880649e9103be20262eea83508b081f81c82a3cb1
libwmf-devel-0.2.8.4-10.2.i386.rpm	SHA-256: 57ae4cf46f439b15dd5b5ff2318b35f7f7a9b7fd7fd3285ccb8c162a43b69536

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.