Red Hat 9040 Published by

A webkitgtk4 security, bug fix, and enhancement update has been released for Red Hat Enterprise Linux 7.



RHSA-2020:4035-01: Moderate: webkitgtk4 security, bug fix, and enhancement update



=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update
Advisory ID: RHSA-2020:4035-01
Product: Red Hat Enterprise Linux
Advisory URL:   https://access.redhat.com/errata/RHSA-2020:4035
Issue date: 2020-09-29
CVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506
CVE-2019-8524 CVE-2019-8535 CVE-2019-8536
CVE-2019-8544 CVE-2019-8551 CVE-2019-8558
CVE-2019-8559 CVE-2019-8563 CVE-2019-8571
CVE-2019-8583 CVE-2019-8584 CVE-2019-8586
CVE-2019-8587 CVE-2019-8594 CVE-2019-8595
CVE-2019-8596 CVE-2019-8597 CVE-2019-8601
CVE-2019-8607 CVE-2019-8608 CVE-2019-8609
CVE-2019-8610 CVE-2019-8611 CVE-2019-8615
CVE-2019-8619 CVE-2019-8622 CVE-2019-8623
CVE-2019-8625 CVE-2019-8644 CVE-2019-8649
CVE-2019-8658 CVE-2019-8666 CVE-2019-8669
CVE-2019-8671 CVE-2019-8672 CVE-2019-8673
CVE-2019-8674 CVE-2019-8676 CVE-2019-8677
CVE-2019-8678 CVE-2019-8679 CVE-2019-8680
CVE-2019-8681 CVE-2019-8683 CVE-2019-8684
CVE-2019-8686 CVE-2019-8687 CVE-2019-8688
CVE-2019-8689 CVE-2019-8690 CVE-2019-8707
CVE-2019-8710 CVE-2019-8719 CVE-2019-8720
CVE-2019-8726 CVE-2019-8733 CVE-2019-8735
CVE-2019-8743 CVE-2019-8763 CVE-2019-8764
CVE-2019-8765 CVE-2019-8766 CVE-2019-8768
CVE-2019-8769 CVE-2019-8771 CVE-2019-8782
CVE-2019-8783 CVE-2019-8808 CVE-2019-8811
CVE-2019-8812 CVE-2019-8813 CVE-2019-8814
CVE-2019-8815 CVE-2019-8816 CVE-2019-8819
CVE-2019-8820 CVE-2019-8821 CVE-2019-8822
CVE-2019-8823 CVE-2019-8835 CVE-2019-8844
CVE-2019-8846 CVE-2019-11070 CVE-2020-3862
CVE-2020-3864 CVE-2020-3865 CVE-2020-3867
CVE-2020-3868 CVE-2020-3885 CVE-2020-3894
CVE-2020-3895 CVE-2020-3897 CVE-2020-3899
CVE-2020-3900 CVE-2020-3901 CVE-2020-3902
CVE-2020-10018 CVE-2020-11793
=====================================================================

1. Summary:

An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+
platform. These packages provide WebKitGTK+ for GTK+ 3.

The following packages have been upgraded to a later upstream version:
webkitgtk4 (2.28.2). (BZ#1817144)

Security Fix(es):

* webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251,
CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544,
CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571,
CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594,
CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607,
CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615,
CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644,
CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671,
CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677,
CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683,
CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689,
CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720,
CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763,
CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769,
CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811,
CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816,
CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823,
CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862,
CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885,
CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900,
CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.9 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

  https://access.redhat.com/articles/11258

5. Bugs fixed (  https://bugzilla.redhat.com/):

1667409 - CVE-2019-6251 webkitgtk: processing maliciously crafted web content lead to URI spoofing
1709289 - CVE-2019-11070 webkitgtk: HTTP proxy setting deanonymization information disclosure
1719199 - CVE-2019-8506 webkitgtk: malicous web content leads to arbitrary code execution
1719209 - CVE-2019-8524 webkitgtk: malicious web content leads to arbitrary code execution
1719210 - CVE-2019-8535 webkitgtk: malicious crafted web content leads to arbitrary code execution
1719213 - CVE-2019-8536 webkitgtk: malicious crafted web content leads to arbitrary code execution
1719224 - CVE-2019-8544 webkitgtk: malicious crafted web content leads to arbitrary we content
1719231 - CVE-2019-8558 webkitgtk: malicious crafted web content leads to arbitrary code execution
1719235 - CVE-2019-8559 webkitgtk: malicious web content leads to arbitrary code execution
1719237 - CVE-2019-8563 webkitgtk: malicious web content leads to arbitrary code execution
1719238 - CVE-2019-8551 webkitgtk: malicious web content leads to cross site scripting
1811721 - CVE-2020-10018 webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp
1816678 - CVE-2019-8846 webkitgtk: Use after free issue may lead to remote code execution
1816684 - CVE-2019-8835 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
1816686 - CVE-2019-8844 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
1817144 - Rebase WebKitGTK to 2.28
1829369 - CVE-2020-11793 webkitgtk: use-after-free via crafted web content
1876462 - CVE-2020-3885 webkitgtk: Incorrect processing of file URLs
1876463 - CVE-2020-3894 webkitgtk: Race condition allows reading of restricted memory
1876465 - CVE-2020-3895 webkitgtk: Memory corruption triggered by a malicious web content
1876468 - CVE-2020-3897 webkitgtk: Type confusion leading to arbitrary code execution
1876470 - CVE-2020-3899 webkitgtk: Memory consumption issue leading to arbitrary code execution
1876472 - CVE-2020-3900 webkitgtk: Memory corruption triggered by a malicious web content
1876473 - CVE-2020-3901 webkitgtk: Type confusion leading to arbitrary code execution
1876476 - CVE-2020-3902 webkitgtk: Input validation issue leading to cross-site script attack
1876516 - CVE-2020-3862 webkitgtk: Denial of service via incorrect memory handling
1876518 - CVE-2020-3864 webkitgtk: Non-unique security origin for DOM object contexts
1876521 - CVE-2020-3865 webkitgtk: Incorrect security check for a top-level DOM object context
1876522 - CVE-2020-3867 webkitgtk: Incorrect state management leading to universal cross-site scripting
1876523 - CVE-2020-3868 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876536 - CVE-2019-8710 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876537 - CVE-2019-8743 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876540 - CVE-2019-8764 webkitgtk: Incorrect state management leading to universal cross-site scripting
1876542 - CVE-2019-8765 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876543 - CVE-2019-8766 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876545 - CVE-2019-8782 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876548 - CVE-2019-8783 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876549 - CVE-2019-8808 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876550 - CVE-2019-8811 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876552 - CVE-2019-8812 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876553 - CVE-2019-8813 webkitgtk: Incorrect state management leading to universal cross-site scripting
1876554 - CVE-2019-8814 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876555 - CVE-2019-8815 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876556 - CVE-2019-8816 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876590 - CVE-2019-8819 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876591 - CVE-2019-8820 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876592 - CVE-2019-8821 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876593 - CVE-2019-8822 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876594 - CVE-2019-8823 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876607 - CVE-2019-8625 webkitgtk: Incorrect state management leading to universal cross-site scripting
1876608 - CVE-2019-8674 webkitgtk: Incorrect state management leading to universal cross-site scripting
1876609 - CVE-2019-8707 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876610 - CVE-2019-8719 webkitgtk: Incorrect state management leading to universal cross-site scripting
1876611 - CVE-2019-8720 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876612 - CVE-2019-8726 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876613 - CVE-2019-8733 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876614 - CVE-2019-8735 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876615 - CVE-2019-8763 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876616 - CVE-2019-8768 webkitgtk: Browsing history could not be deleted
1876617 - CVE-2019-8769 webkitgtk: Websites could reveal browsing history
1876619 - CVE-2019-8771 webkitgtk: Violation of iframe sandboxing policy
1876626 - CVE-2019-8644 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876628 - CVE-2019-8649 webkitgtk: Incorrect state management leading to universal cross-site scripting
1876629 - CVE-2019-8658 webkitgtk: Incorrect state management leading to universal cross-site scripting
1876630 - CVE-2019-8666 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876631 - CVE-2019-8669 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876632 - CVE-2019-8671 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876634 - CVE-2019-8672 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876643 - CVE-2019-8673 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876644 - CVE-2019-8676 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876645 - CVE-2019-8677 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876646 - CVE-2019-8678 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876647 - CVE-2019-8679 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876648 - CVE-2019-8680 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876650 - CVE-2019-8681 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876651 - CVE-2019-8683 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876652 - CVE-2019-8684 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876653 - CVE-2019-8686 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876655 - CVE-2019-8687 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876656 - CVE-2019-8688 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876657 - CVE-2019-8689 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876664 - CVE-2019-8690 webkitgtk: Incorrect state management leading to universal cross-site scripting
1876880 - CVE-2019-6237 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876881 - CVE-2019-8571 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876882 - CVE-2019-8583 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876883 - CVE-2019-8584 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876884 - CVE-2019-8586 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876887 - CVE-2019-8587 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876891 - CVE-2019-8594 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876892 - CVE-2019-8595 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876893 - CVE-2019-8596 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876894 - CVE-2019-8597 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876895 - CVE-2019-8601 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876897 - CVE-2019-8607 webkitgtk: Out-of-bounds read leading to memory disclosure
1876898 - CVE-2019-8608 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876899 - CVE-2019-8609 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1876900 - CVE-2019-8610 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1877045 - CVE-2019-8615 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1877046 - CVE-2019-8611 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1877047 - CVE-2019-8619 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1877048 - CVE-2019-8622 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution
1877049 - CVE-2019-8623 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
webkitgtk4-2.28.2-2.el7.src.rpm

x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm

x86_64:
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
webkitgtk4-2.28.2-2.el7.src.rpm

x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm

x86_64:
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
webkitgtk4-2.28.2-2.el7.src.rpm

ppc64:
webkitgtk4-2.28.2-2.el7.ppc.rpm
webkitgtk4-2.28.2-2.el7.ppc64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm

ppc64le:
webkitgtk4-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm

s390x:
webkitgtk4-2.28.2-2.el7.s390.rpm
webkitgtk4-2.28.2-2.el7.s390x.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm
webkitgtk4-jsc-2.28.2-2.el7.s390.rpm
webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm

x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm

ppc64:
webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc.rpm
webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm

s390x:
webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm
webkitgtk4-devel-2.28.2-2.el7.s390.rpm
webkitgtk4-devel-2.28.2-2.el7.s390x.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
webkitgtk4-2.28.2-2.el7.src.rpm

x86_64:
webkitgtk4-2.28.2-2.el7.i686.rpm
webkitgtk4-2.28.2-2.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
webkitgtk4-doc-2.28.2-2.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
  https://access.redhat.com/security/team/key/

7. References:

  https://access.redhat.com/security/cve/CVE-2019-6237
  https://access.redhat.com/security/cve/CVE-2019-6251
  https://access.redhat.com/security/cve/CVE-2019-8506
  https://access.redhat.com/security/cve/CVE-2019-8524
  https://access.redhat.com/security/cve/CVE-2019-8535
  https://access.redhat.com/security/cve/CVE-2019-8536
  https://access.redhat.com/security/cve/CVE-2019-8544
  https://access.redhat.com/security/cve/CVE-2019-8551
  https://access.redhat.com/security/cve/CVE-2019-8558
  https://access.redhat.com/security/cve/CVE-2019-8559
  https://access.redhat.com/security/cve/CVE-2019-8563
  https://access.redhat.com/security/cve/CVE-2019-8571
  https://access.redhat.com/security/cve/CVE-2019-8583
  https://access.redhat.com/security/cve/CVE-2019-8584
  https://access.redhat.com/security/cve/CVE-2019-8586
  https://access.redhat.com/security/cve/CVE-2019-8587
  https://access.redhat.com/security/cve/CVE-2019-8594
  https://access.redhat.com/security/cve/CVE-2019-8595
  https://access.redhat.com/security/cve/CVE-2019-8596
  https://access.redhat.com/security/cve/CVE-2019-8597
  https://access.redhat.com/security/cve/CVE-2019-8601
  https://access.redhat.com/security/cve/CVE-2019-8607
  https://access.redhat.com/security/cve/CVE-2019-8608
  https://access.redhat.com/security/cve/CVE-2019-8609
  https://access.redhat.com/security/cve/CVE-2019-8610
  https://access.redhat.com/security/cve/CVE-2019-8611
  https://access.redhat.com/security/cve/CVE-2019-8615
  https://access.redhat.com/security/cve/CVE-2019-8619
  https://access.redhat.com/security/cve/CVE-2019-8622
  https://access.redhat.com/security/cve/CVE-2019-8623
  https://access.redhat.com/security/cve/CVE-2019-8625
  https://access.redhat.com/security/cve/CVE-2019-8644
  https://access.redhat.com/security/cve/CVE-2019-8649
  https://access.redhat.com/security/cve/CVE-2019-8658
  https://access.redhat.com/security/cve/CVE-2019-8666
  https://access.redhat.com/security/cve/CVE-2019-8669
  https://access.redhat.com/security/cve/CVE-2019-8671
  https://access.redhat.com/security/cve/CVE-2019-8672
  https://access.redhat.com/security/cve/CVE-2019-8673
  https://access.redhat.com/security/cve/CVE-2019-8674
  https://access.redhat.com/security/cve/CVE-2019-8676
  https://access.redhat.com/security/cve/CVE-2019-8677
  https://access.redhat.com/security/cve/CVE-2019-8678
  https://access.redhat.com/security/cve/CVE-2019-8679
  https://access.redhat.com/security/cve/CVE-2019-8680
  https://access.redhat.com/security/cve/CVE-2019-8681
  https://access.redhat.com/security/cve/CVE-2019-8683
  https://access.redhat.com/security/cve/CVE-2019-8684
  https://access.redhat.com/security/cve/CVE-2019-8686
  https://access.redhat.com/security/cve/CVE-2019-8687
  https://access.redhat.com/security/cve/CVE-2019-8688
  https://access.redhat.com/security/cve/CVE-2019-8689
  https://access.redhat.com/security/cve/CVE-2019-8690
  https://access.redhat.com/security/cve/CVE-2019-8707
  https://access.redhat.com/security/cve/CVE-2019-8710
  https://access.redhat.com/security/cve/CVE-2019-8719
  https://access.redhat.com/security/cve/CVE-2019-8720
  https://access.redhat.com/security/cve/CVE-2019-8726
  https://access.redhat.com/security/cve/CVE-2019-8733
  https://access.redhat.com/security/cve/CVE-2019-8735
  https://access.redhat.com/security/cve/CVE-2019-8743
  https://access.redhat.com/security/cve/CVE-2019-8763
  https://access.redhat.com/security/cve/CVE-2019-8764
  https://access.redhat.com/security/cve/CVE-2019-8765
  https://access.redhat.com/security/cve/CVE-2019-8766
  https://access.redhat.com/security/cve/CVE-2019-8768
  https://access.redhat.com/security/cve/CVE-2019-8769
  https://access.redhat.com/security/cve/CVE-2019-8771
  https://access.redhat.com/security/cve/CVE-2019-8782
  https://access.redhat.com/security/cve/CVE-2019-8783
  https://access.redhat.com/security/cve/CVE-2019-8808
  https://access.redhat.com/security/cve/CVE-2019-8811
  https://access.redhat.com/security/cve/CVE-2019-8812
  https://access.redhat.com/security/cve/CVE-2019-8813
  https://access.redhat.com/security/cve/CVE-2019-8814
  https://access.redhat.com/security/cve/CVE-2019-8815
  https://access.redhat.com/security/cve/CVE-2019-8816
  https://access.redhat.com/security/cve/CVE-2019-8819
  https://access.redhat.com/security/cve/CVE-2019-8820
  https://access.redhat.com/security/cve/CVE-2019-8821
  https://access.redhat.com/security/cve/CVE-2019-8822
  https://access.redhat.com/security/cve/CVE-2019-8823
  https://access.redhat.com/security/cve/CVE-2019-8835
  https://access.redhat.com/security/cve/CVE-2019-8844
  https://access.redhat.com/security/cve/CVE-2019-8846
  https://access.redhat.com/security/cve/CVE-2019-11070
  https://access.redhat.com/security/cve/CVE-2020-3862
  https://access.redhat.com/security/cve/CVE-2020-3864
  https://access.redhat.com/security/cve/CVE-2020-3865
  https://access.redhat.com/security/cve/CVE-2020-3867
  https://access.redhat.com/security/cve/CVE-2020-3868
  https://access.redhat.com/security/cve/CVE-2020-3885
  https://access.redhat.com/security/cve/CVE-2020-3894
  https://access.redhat.com/security/cve/CVE-2020-3895
  https://access.redhat.com/security/cve/CVE-2020-3897
  https://access.redhat.com/security/cve/CVE-2020-3899
  https://access.redhat.com/security/cve/CVE-2020-3900
  https://access.redhat.com/security/cve/CVE-2020-3901
  https://access.redhat.com/security/cve/CVE-2020-3902
  https://access.redhat.com/security/cve/CVE-2020-10018
  https://access.redhat.com/security/cve/CVE-2020-11793
  https://access.redhat.com/security/updates/classification/#moderate
  https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.