AlmaLinux 9 : flatpak (ALSA-2024:3959)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3959 advisory. flatpak: sandbox escape via RequestBackground portal CVE-2024-32462 Tenable has extracted the preceding description block directly from the AlmaLinux security...

AlmaLinux 9 : gvisor-tap-vsock (ALSA-2024:3830)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:3830 advisory. golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 Tenable has extracted the preceding description block directly from the AlmaLinux...

AlmaLinux 9 : containernetworking-plugins (ALSA-2024:3831)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:3831 advisory. golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 Tenable has extracted the preceding description block directly from the AlmaLinux...

AlmaLinux 9 : 389-ds-base (ALSA-2024:3837)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3837 advisory. 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request CVE-2024-3657 389-ds-base: Malformed userPassword may cause crash a...

AlmaLinux 9 : cockpit (ALSA-2024:3843)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3843 advisory. cockpit: command injection when deleting a sosreport with a crafted name CVE-2024-2947 Tenable has extracted the preceding description block directly from the...

AlmaLinux 9 : c-ares (ALSA-2024:3842)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3842 advisory. c-ares: Out of bounds read in aresreadline CVE-2024-25629 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note...

AlmaLinux 9 : gdk-pixbuf2 (ALSA-2024:3834)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3834 advisory. gdk-pixbuf2: heap memory corruption on gdk-pixbuf CVE-2022-48622 Tenable has extracted the preceding description block directly from the AlmaLinux security advisor...

AlmaLinux 9 : rpm-ostree (ALSA-2024:3823)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3823 advisory. rpm-ostree: world-readable /etc/shadow file 9.4.z JIRA:AlmaLinux-31852 Tenable has extracted the preceding description block directly from the AlmaLinux security...

AlmaLinux 9 : podman (ALSA-2024:3826)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3826 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

AlmaLinux 9 : buildah (ALSA-2024:3827)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3827 advisory. golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 jose-go: improper handling of highly compressed data CVE-2024-28180...

AlmaLinux 9 : fence-agents (ALSA-2024:3820)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3820 advisory. jinja2: accepts keys containing non-attribute characters CVE-2024-34064 Tenable has extracted the preceding description block directly from the AlmaLinux security...

AlmaLinux 9 : python-idna (ALSA-2024:3846)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:3846 advisory. python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode CVE-2024-3651 Tenable has extracted the preceding description block...

AlmaLinux 9 : libreoffice (ALSA-2024:3835)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3835 advisory. libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution CVE-2023-6185 libreoffice: Insufficient macro permission validation...

AlmaLinux 9 : ruby (ALSA-2024:3838)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3838 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability in Time CVE-2023-287...

AlmaLinux 8 : booth (ALSA-2024:3659)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3659 advisory. booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server CVE-2024-3049 Tenable has extracted the preceding description block directly...

AlmaLinux 9 : booth (ALSA-2024:3661)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:3661 advisory. booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server CVE-2024-3049 Tenable has extracted the preceding description block directly...

ALSA-2024:3754 Important: ipa security update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: freeipa: delegation rules allow a proxy service to impersonate any user to access another target service...

AlmaLinux 9 : ruby:3.3 (ALSA-2024:3671)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3671 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Arbitrary memory...

Important: idm:DL1 security update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another...

AlmaLinux 8 : ruby:3.3 (ALSA-2024:3670)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3670 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Arbitrary memory...