AlmaLinux 8 : gupnp (ALSA-2021:2363)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:2363 advisory. - An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to...

AlmaLinux 8 : GNOME (ALSA-2021:4381)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4381 advisory. - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lea...

AlmaLinux 8 : dovecot (ALSA-2021:1887)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1887 advisory. - An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled...

AlmaLinux 8 : file-roller (ALSA-2021:4179)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:4179 advisory. - fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it...

AlmaLinux 8 : gnutls (ALSA-2020:5483)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2020:5483 advisory. - An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a norenegotiation alert is sent with...

AlmaLinux 8 : linuxptp (ALSA-2021:4321)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:4321 advisory. - A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote...

AlmaLinux 8 : prometheus-jmx-exporter (ALSA-2020:4807)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2020:4807 advisory. - The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CVE-2017-18640 Note that Nessus has not...

AlmaLinux 8 : trousers (ALSA-2021:1627)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1627 advisory. - An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the...

AlmaLinux 8 : libmspack (ALSA-2020:1686)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:1686 advisory. - libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmdreadheaders in libmspackfile...

AlmaLinux 8 : sqlite (ALSA-2021:4396)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4396 advisory. - Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a...

AlmaLinux 8 : virt:rhel (ALSA-2020:4059)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4059 advisory. QEMU: usb: out-of-bounds r/w access issue while processing usb packets CVE-2020-14364 QEMU: slirp: networking out-of-bounds read information disclosure...

AlmaLinux 8 : resource-agents (ALSA-2021:4139)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4139 advisory. - An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML...

AlmaLinux 8 : dnf (ALSA-2021:4464)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4464 advisory. - A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can...

pki-core:10.6 bug fix and enhancement update

The Public Key Infrastructure PKI Core contains fundamental packages required by AlmaLinux Certificate System. Bug Fixes and Enhancements: Reinstall of the same ipa-replica fails with 'RuntimeError: CA configuration failed.' BZ2024676 ipa: ERROR: 'Certificate operation cannot be completed: Unable...

container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

ALEA-2022:0322 .NET Core 3.1 bugfix and enhancement update

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fixes and Enhancements: Update .NET Core 3.1 to SDK 3.1.416 and Runtime 3.1.22 almalinux-8.5.0.z BZ2031429...

.NET Core 3.1 bugfix and enhancement update

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fixes and Enhancements: Update .NET Core 3.1 to SDK 3.1.416 and Runtime 3.1.22 almalinux-8.5.0.z BZ2031429...

End of CentOS Linux. Where to migrate?

Hello everyone! As you probably know, CentOS Linux, the main Enterprise-level Linux server distribution, will soon disappear. It wasnt hard to predict when RedHat acquired CentOS in 2014, and now it is actually happening. End of life of CentOS Linux 8 was 31.12.2021. There wont be CentOS Linux as...

ALSA-2022:0188 Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: xfs: raw block device data leak in XFSIOCALLOCSP IOCTL CVE-2021-4155 kernel: fscontext: heap overflow in legacy parameter handling CVE-2022-0185 For more details about the security issues...

cloud-init bug fix and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fixes and Enhancements: cloud-init.service fails to start after package updat...