AlmaLinux 9 : containernetworking-plugins (ALSA-2023:7766)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:7766 advisory. - Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA...

AlmaLinux 9 : pixman (ALSA-2023:7754)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:7754 advisory. - In libpixman in Pixman before 0.42.2, there is an out-of-bounds write aka heap-based buffer overflow in rasterizeedges8 due to an integer overflow in...

AlmaLinux 9 : tracker-miners (ALSA-2023:7712)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:7712 advisory. - A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the...

AlmaLinux 9 : webkit2gtk3 (ALSA-2023:7715)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:7715 advisory. - A memory corruption vulnerability was addressed with improved locking. CVE-2023-42917 Note that Nessus has not tested for this issue but has instead relied only ...

AlmaLinux 9 : apr (ALSA-2023:7711)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:7711 advisory. - Integer Overflow or Wraparound vulnerability in aprencode functions of Apache Portable Runtime APR allows an attacker to write beyond bounds of a buffer. This...

AlmaLinux 8 : kpatch-patch (ALSA-2023:7554)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:7554 advisory. - Incorrect verifier pruning in BPF in Linux Kernel =5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in...

AlmaLinux 8 : kernel (ALSA-2023:7549)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7549 advisory. - An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use- after-free, related to dvbregisterdevice dynamical...

AlmaLinux 8 : postgresql:13 (ALSA-2023:7581)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7581 advisory. postgresql: Buffer overrun from integer overflow in array modification CVE-2023-5869 postgresql: Memory disclosure in aggregate function calls CVE-2023-58...

AlmaLinux 8 : samba (ALSA-2023:7467)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7467 advisory. - A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory...

AlmaLinux 9 : squid (ALSA-2023:7465)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:7465 advisory. - Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. CVE-2023-5824 Note that...

AlmaLinux 9 : dotnet8.0 (ALSA-2023:7253)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7253 advisory. - .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability CVE-2023-36049 - ASP.NET Core - Security Feature Bypass Vulnerability...

AlmaLinux 9 : dotnet6.0 (ALSA-2023:7257)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7257 advisory. - .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability CVE-2023-36049 - ASP.NET Core - Security Feature Bypass Vulnerability...

AlmaLinux 9 : dotnet7.0 (ALSA-2023:7255)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7255 advisory. - .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability CVE-2023-36049 - ASP.NET Core - Security Feature Bypass Vulnerability...

AlmaLinux 9 : open-vm-tools (ALSA-2023:7277)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:7277 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges...

ALSA-2023:7174 Moderate: perl-HTTP-Tiny security update

HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl. Security Fixes: http-tiny: insecure TLS cert default CVE-2023-31486 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in th...

ALSA-2023:7109 Moderate: linux-firmware security, bug fix, and enhancement update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: hw amd: Return Address Predictor vulnerability leading to information disclosure CVE-2023-20569 For more details about the security issues, including the impact, a CVSS...

ALSA-2023:7042 Moderate: python27:2.7 security and bug fix update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

ALSA-2023:6919 Moderate: edk2 security and bug fix update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Function GetEfiGlobalVariable2 return value not checked in DxeImageVerificationHandler CVE-2019-14560 For more details...

ALSA-2023:6961 Low: qt5-qtsvg security update

Scalable Vector Graphics SVG is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. Security Fixes: qt: Uninitialized variable usage in munitsPerEm CVE-2023-32573 For more detail...

ALSA-2023:7050 Moderate: python38:3.8 and python38-devel:3.8 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...