RLSA-2026:18556 Moderate: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: DNSBomb vulnerability CVE-2024-33655 unbound: Unbound domain hijacking via promiscuous records CVE-2025-11411 For more details about the security issues, including the impact, a CVSS...

RLSA-2026:18824 Moderate: luksmeta security update

LUKSMeta is a simple library for storing metadata in the LUKSv1 header. The luksmeta package is a dependency of the clevis and tang packages, together providing the Network Bound Disk Encryption NBDE in Rocky Linux. Security Fixes: luksmeta: Data corruption when handling LUKS1 partitions with...

RLSA-2023:6699 Moderate: krb5 security and bug fix update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

RLSA-2024:2290 Moderate: mutt security update

Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fixes: mutt: null pointer dereference CVE-2023-4874 mutt: null pointer dereference...

RLSA-2024:2437 Moderate: exfatprogs security update

The exfatprogs package contains utilities for formatting and repairing exFAT filesystems. Security Fixes: exfatprogs: exfatprogs allows out-of-bounds memory access CVE-2023-45897 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

RLSA-2024:9193 Moderate: python3.12-PyMySQL security update

This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython. Security Fixes: python-pymysql: SQL injection if used with untrusted JSON input CVE-2024-36039 For more details about the...

RLSA-2024:9192 Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

RLSA-2024:9325 Low: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Authenticated user can kill any process when enabling...

RLSA-2024:9404 Moderate: libgcrypt security update

The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fixes: libgcrypt: vulnerable to Marvin Attack CVE-2024-2236 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

RLSA-2024:9423 Moderate: python-dns security update

The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fixes: dnspython: denial of service in stub resolver CVE-2023-29483 For more details about th...