Moderate: motif security update

The motif packages include the Motif shared libraries needed to run applications which are dynamically linked against Motif, as well as MWM, the Motif Window Manager. Security Fixes: libXpm: out of bounds read in XpmCreateXpmImageFromBuffer CVE-2023-43788 libXpm: out of bounds read on XPM with...

Moderate: libjpeg-turbo security update

The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fixes: libjpeg-turbo:...

Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...

Moderate: zziplib security update

The zziplib is a lightweight library to easily extract data from zip files. Security Fixes: zziplib: invalid memory access at zzipdiskentrytofileheader in mmapped.c CVE-2020-18770 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

Low: openssl and openssl-fips-provider security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entri...

Moderate: libXpm security update

X.Org X11 libXpm runtime library. Security Fixes: libXpm: out of bounds read in XpmCreateXpmImageFromBuffer CVE-2023-43788 libXpm: out of bounds read on XPM with corrupted colormap CVE-2023-43789 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

Moderate: pcp security update

Performance Co-Pilot PCP is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...

Moderate: freeglut security update

freeglut is a completely open source alternative to the OpenGL Utility Toolkit GLUT library with an OSI approved free software license. Security Fixes: freeglut: memory leak via glutAddSubMenu function CVE-2024-24258 freeglut: memory leak via glutAddMenuEntry function CVE-2024-24259 For more...

Low: file security update

The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format ELF binary files, system libraries, RPM packages, and different graphics formats. Security Fixes: file:...

Moderate: libX11 security update

The libX11 packages contain the core X11 protocol client library. Security Fixes: libX11: out-of-bounds memory access in XkbReadKeySyms CVE-2023-43785 libX11: stack exhaustion from infinite recursion in PutSubImage CVE-2023-43786 libX11: integer overflow in XCreateImage leading to a heap overflow...

Moderate: libsndfile security update

libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fixes: libsndfile: integer overflow in src/mat4.c and src/au.c leads to DoS CVE-2022-33065 For more details about the security issues, including the impact, a CVSS score,...

Moderate: qt5-qtbase security update

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fixes: qt: incorrect integer overflow check CVE-2023-51714 qtbase: potential buffer overflow when reading KTX images CVE-2024-25580 For more details...

Moderate: gstreamer1-plugins-good security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fixes: gstreamer-plugins-good: integer overflow leading to hea...

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3: Cookie request header isn't stripped during cross-origin redirects CVE-2023-43804 For more details about the security issues, including the impact, a CVSS...

Moderate: perl security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: perl: Write past buffer end via illegal user-defined Unicode property CVE-2023-47038 For more details about the security issues, including the impact, a CVSS...

Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

Moderate: ipa security update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: freeipa: specially crafted HTTP requests potentially lead to denial of service CVE-2024-1481 For more...

Moderate: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: Incorrect offset calculation leading to DOS CVE-2023-39350...

Moderate: avahi security update

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other...

Low: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values for digests...