Advisory ROSA-SA-2025-3038
Software: postgresql15 15.14 OS: rosa-server79 unaffected versions = postgresql15-15.14-1PGDG.res7 affected versions postgresql15-15.14-1PGDG.res7 CVE-ID: CVE-2017-7484 BDU-ID: 2019-03334 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to a lack o...
Advisory ROSA-SA-2025-2760
Software: doxygen 1.8.5 OS: rosa-server79 packageevrstring: doxygen-1.8.5-4.0.1.res7 CVE-ID: CVE-2020-11022 BDU-ID: 2020-05190 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the jQuery library is associated with a failure to take measures to protect the structure of a web page. Exploitation of th...
Advisory ROSA-SA-2025-2761
Software: raptor2 2.0.9 OS: rosa-server79 packageevrstring: raptor2-2.0.9-3.0.1.res7 CVE-ID: CVE-2024-57823 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: An integer overflow vulnerability was discovered in the Raptor RDF Syntax Library when normalizing URIs using the turtle parser in the...
Advisory ROSA-SA-2025-2553
Software: rsync 3.1.2 OS: rosa-server79 packageevrstring: rsync-3.1.2-12.0.1.res7 CVE-ID: CVE-2017-16548 BDU-ID: 2021-01395 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the receive_xattr function in xattrs.c of the Rsync file transfer and synchronization utility is related to the lack of a check f...
Advisory ROSA-SA-2025-2550
Software: openldap 2.4.44 OS: rosa-server79 packageevrstring: openldap-2.4.44-25.0.2.res7 CVE-ID: CVE-2019-13057 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in OpenLDAP allows a server administrator with rootDN privileges to request authorization as another user from a different...
Advisory ROSA-SA-2025-2549
Software: ghostscript 9.25 OS: rosa-server79 packageevrstring: ghostscript-9.25-5.0.3.res7 CVE-ID: CVE-2018-19478 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Artifex Ghostscript allows an attacker to run a lengthy calculation when processing a PDF file. CVE-STATUS: The vulnerabili...
Advisory ROSA-SA-2024-2533
Software: imlib2 1.4.9 OS: rosa-server79 packageevrstring: imlib2-1.4.9-1.res7 CVE-ID: CVE-2014-9762 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: imlib2 allows remote attackers to cause a denial of service (segmentation error) using a GIF image without a color map. CVE-STATUS: Fixed CVE-REV: Run the yum...
Advisory ROSA-SA-2024-2531
Software: python-idna 2.4 OS: rosa-server79 packageevrstring: python-idna-2.4-1.0.1.res7 CVE-ID: CVE-2024-3651 BDU-ID: 2024-04211 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the idna.encode function of the Internationalized Domain Names in Applications (IDNA) is associated with uncontrolled...
Advisory ROSA-SA-2024-2530
Software: python3-werkzeug 1.0.1 OS: rosa-server79 packageevrstring: python3-werkzeug-1.0.1-2.res7 CVE-ID: CVE-2023-25577 BDU-ID: 2023-02343 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the WSGI Werkzeug web application library is related to the application not properly controlling the...
Advisory ROSA-SA-2024-2527
Software: clamav 0.103.11 OS: rosa-server79 packageevrstring: clamav-0.103.11-1.res7 CVE-ID: CVE-2023-20197 BDU-ID: 2023-04766 CVE-Crit: HIGH CVE-DESC.: A vulnerability in ClamAV's file system image parser for Hierarchical File System Plus (HFS+) is related to incorrect resource scrubbing or freein...
Advisory ROSA-SA-2024-2526
Software: NetworkManager-libreswan 1.2.4 OS: rosa-server79 packageevrstring: NetworkManager-libreswan-1.2.4-2.0.1.res7 CVE-ID: CVE-2024-9050 BDU-ID: 2024-09459 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libreswan client plugin of the NetworkManager network connection management program is...
Advisory ROSA-SA-2024-2525
Software: nghttp2 1.33.0 OS: rosa-server79 packageevrstring: nghttp2-1.33.0-1.3.res7 CVE-ID: CVE-2023-44487 BDU-ID: 2023-06559 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already established...
Advisory ROSA-SA-2024-2524
Software: monit 5.30.0 OS: rosa-server79 packageevrstring: monit-5.30.0-2.res7 CVE-ID: CVE-2022-26563 BDU-ID: 2023-05304 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PAMcheckPasswd function of the Monit process, program, file and directory management and monitoring utility is related to flaws...
Advisory ROSA-SA-2024-2523
Software: xrdp 0.9.25 OS: rosa-server79 packageevrstring: xrdp-0.9.25-2.0.1.res7 CVE-ID: CVE-2023-40184 BDU-ID: 2023-07659 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the auth_start_session function of the XRDP server is related to the bypassing of session restrictions. Exploitation of the...
Advisory ROSA-SA-2024-2513
Software: python-setuptools 0.9.8 OS: rosa-server79 packageevrstring: python-setuptools-0.9.8-7.0.1.res7 CVE-ID: CVE-2024-6345 BDU-ID: 2024-05843 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the package_index module of the setuptools project packaging simplification library is related to functions...
Advisory ROSA-SA-2024-2512
Software: python3-setuptools 39.2.0 OS: rosa-server79 packageevrstring: python3-setuptools-39.2.0-10.0.3.res7 CVE-ID: CVE-2024-37891 BDU-ID: 2023-02445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Python Packaging Authority package installation tools is related to insufficient input...
Advisory ROSA-SA-2024-2511
Software: python-urllib3 1.10.2 OS: rosa-server79 packageevrstring: python-urllib3-1.10.2-7.0.1.res7 CVE-ID: CVE-2024-37891 BDU-ID: None CVE-Crit: LOW CVE-DESC.: When using urllib3 proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy as expected...
Advisory ROSA-SA-2024-2510
Software: python-urllib3 1.10.2 OS: rosa-server79 packageevrstring: python-urllib3-1.10.2-7.0.1.res7 CVE-ID: CVE-2024-37891 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: When using urllib3 proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy as expected...
Advisory ROSA-SA-2024-2508
Software: flatpak 1.0.9 OS: rosa-server79 packageevrstring: flatpak-1.0.9-13.0.1.res7 CVE-ID: CVE-2024-42472 BDU-ID: 2024-06671 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Flatpak application and environment management tool is related to improper neutralization of special output elements use...
Advisory ROSA-SA-2024-2494
Software: ghostscript 9.25 OS: rosa-server79 packageevrstring: ghostscript-9.25-5.0.1.res7 CVE-ID: CVE-2024-33871 BDU-ID: 2024-05064 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the contrib/opvp/gdevopvp.c component of the Ghostscript processing, conversion, and document generation softwar...