Red Hat Product Errata RHSA-2023:1672 - Security Advisory
Issued:
2023-04-06
Updated:
2023-04-06

RHSA-2023:1672 - Security Advisory

Synopsis

Important: httpd:2.4 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

  • httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.src.rpm SHA-256: ccd41894b5685a78f3f4ef48a0322006274c04ff1298ab8def2f4b800390e625
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.src.rpm SHA-256: c3a323b2a04f7cfb942e765fb5d97d8d5599ba9cf0c78359b88a09396cc04412
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm SHA-256: ac0b05f049712493b3fcf948e094b58b87ba5687c6efca902e0fa352ca2c184d
x86_64
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 10cebf614e03d147fac81effb30531fa1ed5480b50f69b33802dea34728365e2
httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: b5cdeaf0a111de8eb86d27336738e1d235cab2a3ede6fea2dae2bc4eb5a0d691
httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 8b02fa8f55dd8f0e62e4fce01a4ff1e6d8e29e54aa0c05de79047328af3b19d1
httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 3c5241c3d6148c162bd0993664f57ed96a934a031e5fe3a1c8b28827a5f14e23
httpd-filesystem-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm SHA-256: b2caa215a4f8bcd23f17632470e5f06b525bd312ff59728f35aa4c49e51b5aee
httpd-manual-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm SHA-256: 37153dee332fdf4bf68a7439603732c2a34574bb1c4fb8917f2e3ad284c64f13
httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 11e3aa89d7989c70dda16a06220b06123bc0e03b300f7d33d83847388a4e33d6
httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 8879d3c1764c9b855850317856dd6b7529edeff4a2625fe230700c24ec2ed46a
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm SHA-256: ea62a0736052ebb375bcd2fe8e0faa4beb03df60a45abc3adff00130bc9bbbed
mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm SHA-256: f826dadc55a1c2b5b72a10583077b33e0c55da23a46f814d17e4def1d0b7aa45
mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm SHA-256: 4b72e6deda0ee70378772f9814e288e0628a24425324e314b5c8f19692700658
mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: ee56f043532913ef95db22dae527f12624c2f7051a5ae3eedc494322ff469937
mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: c85b654d33eedde608159485f9665fc9883f095f96a35fa7732f9a8ccad44478
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm SHA-256: 488993a0340198b852a125e8857c25595e6bf0f334b47d2a77613ee8a7fb6d37
mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm SHA-256: b8773d35478dc2149b1098d646e59184ad4e00e17e37972c860858ee5639c1a1
mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm SHA-256: 0ff0f0e08de22afce2c2e7cb80ef1ea73925ee27d1c5ff86d45d5669e913826e
mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 622a19aa503b2fa2735b78ab7ef681c7977b05ecade2f2536809970159daf539
mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: aff6dcb37e92e5d849c9f24e7b45dc3a06be103736b954b3a74b876d8d9075b1
mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 4607715a44be79c8703ed4a4c9beb476f9d8de7b0146ea612b0323b27b234923
mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 6bd2cac5243d38c4de26b0e9623712d712a6797618c4b312d54e0703159adcb1
mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 126c6c19865ae838d76770dc00e5f05247cbe99a2a6ac94ce484286ca13b3b26
mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 74761cc8ef311b08ea57db3cbfb75f258012847fcc51a425875f6b4836bac469

Red Hat Enterprise Linux Server - TUS 8.2

SRPM
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.src.rpm SHA-256: ccd41894b5685a78f3f4ef48a0322006274c04ff1298ab8def2f4b800390e625
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.src.rpm SHA-256: c3a323b2a04f7cfb942e765fb5d97d8d5599ba9cf0c78359b88a09396cc04412
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm SHA-256: ac0b05f049712493b3fcf948e094b58b87ba5687c6efca902e0fa352ca2c184d
x86_64
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 10cebf614e03d147fac81effb30531fa1ed5480b50f69b33802dea34728365e2
httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: b5cdeaf0a111de8eb86d27336738e1d235cab2a3ede6fea2dae2bc4eb5a0d691
httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 8b02fa8f55dd8f0e62e4fce01a4ff1e6d8e29e54aa0c05de79047328af3b19d1
httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 3c5241c3d6148c162bd0993664f57ed96a934a031e5fe3a1c8b28827a5f14e23
httpd-filesystem-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm SHA-256: b2caa215a4f8bcd23f17632470e5f06b525bd312ff59728f35aa4c49e51b5aee
httpd-manual-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm SHA-256: 37153dee332fdf4bf68a7439603732c2a34574bb1c4fb8917f2e3ad284c64f13
httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 11e3aa89d7989c70dda16a06220b06123bc0e03b300f7d33d83847388a4e33d6
httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 8879d3c1764c9b855850317856dd6b7529edeff4a2625fe230700c24ec2ed46a
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm SHA-256: ea62a0736052ebb375bcd2fe8e0faa4beb03df60a45abc3adff00130bc9bbbed
mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm SHA-256: f826dadc55a1c2b5b72a10583077b33e0c55da23a46f814d17e4def1d0b7aa45
mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm SHA-256: 4b72e6deda0ee70378772f9814e288e0628a24425324e314b5c8f19692700658
mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: ee56f043532913ef95db22dae527f12624c2f7051a5ae3eedc494322ff469937
mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: c85b654d33eedde608159485f9665fc9883f095f96a35fa7732f9a8ccad44478
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm SHA-256: 488993a0340198b852a125e8857c25595e6bf0f334b47d2a77613ee8a7fb6d37
mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm SHA-256: b8773d35478dc2149b1098d646e59184ad4e00e17e37972c860858ee5639c1a1
mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm SHA-256: 0ff0f0e08de22afce2c2e7cb80ef1ea73925ee27d1c5ff86d45d5669e913826e
mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 622a19aa503b2fa2735b78ab7ef681c7977b05ecade2f2536809970159daf539
mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: aff6dcb37e92e5d849c9f24e7b45dc3a06be103736b954b3a74b876d8d9075b1
mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 4607715a44be79c8703ed4a4c9beb476f9d8de7b0146ea612b0323b27b234923
mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 6bd2cac5243d38c4de26b0e9623712d712a6797618c4b312d54e0703159adcb1
mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 126c6c19865ae838d76770dc00e5f05247cbe99a2a6ac94ce484286ca13b3b26
mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 74761cc8ef311b08ea57db3cbfb75f258012847fcc51a425875f6b4836bac469

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.src.rpm SHA-256: ccd41894b5685a78f3f4ef48a0322006274c04ff1298ab8def2f4b800390e625
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.src.rpm SHA-256: c3a323b2a04f7cfb942e765fb5d97d8d5599ba9cf0c78359b88a09396cc04412
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm SHA-256: ac0b05f049712493b3fcf948e094b58b87ba5687c6efca902e0fa352ca2c184d
ppc64le
httpd-filesystem-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm SHA-256: b2caa215a4f8bcd23f17632470e5f06b525bd312ff59728f35aa4c49e51b5aee
httpd-manual-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm SHA-256: 37153dee332fdf4bf68a7439603732c2a34574bb1c4fb8917f2e3ad284c64f13
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm SHA-256: 86a245299466439e445fb5e49ce2765bc8717c74f53b61d1cf79a654a430a100
httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm SHA-256: ca54febee5da7efa6e114a75582ffa5934f16982c0ea19ec3ce939df8b5e49fb
httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm SHA-256: 1ee87e56eae355cf04da44869a05b2d30b4541ec4894a83420c16e25f2a9a711
httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm SHA-256: 2b9f0f54f68cc97bc2ab66e389b280fb2155c2f851f64eb7dc7556200bd4cfc5
httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm SHA-256: eb2eb0659f3af7eace6c38556d612af2c971c8fb7b63c1dae16c6a511a65e620
httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm SHA-256: ad70083d21171f2e9e1051e799578c6562a6425f51fbdbb1a9ccb8d27c13f99d
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm SHA-256: d557a02470c91aaf77c8a3b206b0c2a2e11113bda251265655972df71c266d27
mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm SHA-256: 689b911557178d5e9538dfb320a2f65fcf83e063c45b090856bbf0869dd71aa0
mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.ppc64le.rpm SHA-256: 9d840980ff2a82c6a0a236630bf1e551d58b1251d973babf4dbf050d63f26424
mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm SHA-256: 6dd065135dc3901959c3dc2a07915bd46b274413ef12efd68170be3d6283eef9
mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm SHA-256: 60cae1c457a2ec06b6755b4eb3a1a8a54e495bb272c08c7e563f7313a6a61f8d
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm SHA-256: 3cb4ae41a2e338eed38572a68768f867013b6eaa3bf545d340d84e5e265763ee
mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm SHA-256: 853738552cf5d147d82fc01afd03b816f68c40c0a02507514c5d3cc9c57448ec
mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.ppc64le.rpm SHA-256: 7f703b0c79eb4c46089c19f4543ec9d0806a0040995e6a2273474c33842e2f19
mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm SHA-256: 46cf9b66074ffcb1b45964796e0c2751d91005104e790888bf4898677975670b
mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm SHA-256: 4a9c31e1f2d1f866cf7c230fc08e5ec6f53ac1998707fa8be28e4b9783487afa
mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm SHA-256: f5c156f69000fabdb6146797c0b7849f3fc034011f197658db5091451b07a865
mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm SHA-256: 10b183488b2c70f8ecd849005c259041adf09aca59ce5cb8ce3b4befbeeb1b11
mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm SHA-256: 85c98432a2e21365d8bc7ea9ba7bc9b231ff10fa5e1a83191a30a83061169f75
mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.ppc64le.rpm SHA-256: 945c07ee523d569575a4e5cbf751eb75c51d846491a3d506764e6e4cf9f7cdbd

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.src.rpm SHA-256: ccd41894b5685a78f3f4ef48a0322006274c04ff1298ab8def2f4b800390e625
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.src.rpm SHA-256: c3a323b2a04f7cfb942e765fb5d97d8d5599ba9cf0c78359b88a09396cc04412
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.src.rpm SHA-256: ac0b05f049712493b3fcf948e094b58b87ba5687c6efca902e0fa352ca2c184d
x86_64
httpd-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 10cebf614e03d147fac81effb30531fa1ed5480b50f69b33802dea34728365e2
httpd-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: b5cdeaf0a111de8eb86d27336738e1d235cab2a3ede6fea2dae2bc4eb5a0d691
httpd-debugsource-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 8b02fa8f55dd8f0e62e4fce01a4ff1e6d8e29e54aa0c05de79047328af3b19d1
httpd-devel-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 3c5241c3d6148c162bd0993664f57ed96a934a031e5fe3a1c8b28827a5f14e23
httpd-filesystem-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm SHA-256: b2caa215a4f8bcd23f17632470e5f06b525bd312ff59728f35aa4c49e51b5aee
httpd-manual-2.4.37-21.module+el8.2.0+18510+68528e70.6.noarch.rpm SHA-256: 37153dee332fdf4bf68a7439603732c2a34574bb1c4fb8917f2e3ad284c64f13
httpd-tools-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 11e3aa89d7989c70dda16a06220b06123bc0e03b300f7d33d83847388a4e33d6
httpd-tools-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 8879d3c1764c9b855850317856dd6b7529edeff4a2625fe230700c24ec2ed46a
mod_http2-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm SHA-256: ea62a0736052ebb375bcd2fe8e0faa4beb03df60a45abc3adff00130bc9bbbed
mod_http2-debuginfo-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm SHA-256: f826dadc55a1c2b5b72a10583077b33e0c55da23a46f814d17e4def1d0b7aa45
mod_http2-debugsource-1.11.3-3.module+el8.2.0+18513+b6a58d46.3.x86_64.rpm SHA-256: 4b72e6deda0ee70378772f9814e288e0628a24425324e314b5c8f19692700658
mod_ldap-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: ee56f043532913ef95db22dae527f12624c2f7051a5ae3eedc494322ff469937
mod_ldap-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: c85b654d33eedde608159485f9665fc9883f095f96a35fa7732f9a8ccad44478
mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm SHA-256: 488993a0340198b852a125e8857c25595e6bf0f334b47d2a77613ee8a7fb6d37
mod_md-debuginfo-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm SHA-256: b8773d35478dc2149b1098d646e59184ad4e00e17e37972c860858ee5639c1a1
mod_md-debugsource-2.0.8-7.module+el8.2.0+5531+7e4d69a2.x86_64.rpm SHA-256: 0ff0f0e08de22afce2c2e7cb80ef1ea73925ee27d1c5ff86d45d5669e913826e
mod_proxy_html-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 622a19aa503b2fa2735b78ab7ef681c7977b05ecade2f2536809970159daf539
mod_proxy_html-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: aff6dcb37e92e5d849c9f24e7b45dc3a06be103736b954b3a74b876d8d9075b1
mod_session-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 4607715a44be79c8703ed4a4c9beb476f9d8de7b0146ea612b0323b27b234923
mod_session-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 6bd2cac5243d38c4de26b0e9623712d712a6797618c4b312d54e0703159adcb1
mod_ssl-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 126c6c19865ae838d76770dc00e5f05247cbe99a2a6ac94ce484286ca13b3b26
mod_ssl-debuginfo-2.4.37-21.module+el8.2.0+18510+68528e70.6.x86_64.rpm SHA-256: 74761cc8ef311b08ea57db3cbfb75f258012847fcc51a425875f6b4836bac469

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.