Advisory ROSA-SA-2025-2846

Software: iperf3 3.5 OS: ROSA Virtualization 2.1 packageevrstring: iperf3-3.5-11.rv3 CVE-ID: CVE-2024-53580 BDU-ID: 2024-11145 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Iperf3 network bandwidth measurement tool is related to improper handling of test parameters passed to the server in json...

Advisory ROSA-SA-2024-2514

Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.0.1.P2.res7.16 CVE-ID: CVE-2024-1737 BDU-ID: 2024-05964 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BIND DNS server is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attack...

Advisory ROSA-SA-2024-2513

Software: python-setuptools 0.9.8 OS: rosa-server79 packageevrstring: python-setuptools-0.9.8-7.0.1.res7 CVE-ID: CVE-2024-6345 BDU-ID: 2024-05843 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the packageindex module of the setuptools project packaging simplification library is related to functions...

Advisory ROSA-SA-2024-2503

Software: wget 1.19.5 OS: ROSA Virtualization 2.1 packageevrstring: wget-1.19.5-12.rv3 CVE-ID: CVE-2024-38428 BDU-ID: 2024-04683 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the userinfo URI component of the GNU Wget download manager is related to insecure behavior in which data that should hav...

Advisory ROSA-SA-2024-2496

Software: cups 2.2.6 OS: ROSA Virtualization 2.1 packageevrstring: cups-2.2.6-60.rv3 CVE-ID: CVE-2023-32324 BDU-ID: 2023-03873 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the formatlogline function of the CUPS print server is related to writing beyond buffer boundaries. Exploitation of the...

Advisory ROSA-SA-2024-2494

Software: ghostscript 9.25 OS: rosa-server79 packageevrstring: ghostscript-9.25-5.0.1.res7 CVE-ID: CVE-2024-33871 BDU-ID: 2024-05064 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the contrib/opvp/gdevopvp.c component of the Ghostscript processing, conversion, and document generation softwar...

Advisory ROSA-SA-2024-2490

Software: bind-dyndb-ldap 11.1 OS: rosa-server79 packageevrstring: bind-dyndb-ldap-11.1-7.res7.1 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic...

Advisory ROSA-SA-2024-2363

Software: modwsgi 4.6.4 OS: ROSA Virtualization 2.1 packageevrstring: modwsgi-4.6.4-4.rv3.1c CVE-ID: CVE-2022-2255 BDU-ID: 2022-05209 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the modwsgi module of the Apache web server is related to errors in the processing of the X-Client-IP header...

Advisory ROSA-SA-2024-2339

Software: libtirpc 1.1.4 OS: ROSA Virtualization 2.1 packageevrstring: libtirpc-1.1.4-8.rv3.src.rpm CVE-ID: CVE-2021-46828 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: In libtirpc, remote attackers could exhaust the file descriptors of a process using libtirpc because idle TCP connections are not handl...

Important: runc

Issue Overview: AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the...

Advisory ROSA-SA-2023-2316

Software: libgcrypt 1.8.5 OS: ROSA Virtualization 2.1 packageevrstring: libgcrypt-1.8.5-7.rv3.src.rpm CVE-ID: CVE-2021-40528 BDU-ID: 2022-00593 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libgcrypt cryptographic library is related to the use of a weak cryptographic algorithm. Exploitation ...

Advisory ROSA-SA-2023-2230

Software: rsync 3.1.3 OS: ROSA Virtualization 2.1 packageevrstring: rsync-3.1.3.src.rpm CVE-ID: CVE-2018-25032 BDU-ID: 2022-01641 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could...

Advisory ROSA-SA-2023-2166

Software: thunderbird 102.10.0 OS: rosa-server79 packageevrstring: 102.10.0-2.res7 CVE-ID: CVE-2022-40674 BDU-ID: 2023-02596 CVE-Crit: HIGH CVE-DESC: A vulnerability in the doContent function of the xmlparse.c file of the libexpat XML parser library is related to a post-release exploit...

Advisory ROSA-SA-2023-2156

Software: zlib 1.2.11 OS: ROSA Virtualization 2.1 packageevrstring: 1.2.11 CVE-ID: CVE-2018-25032 BDU-ID: 2022-01641 CVE-Crit: HIGH CVE-DESC: A vulnerability in the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an...

Advisory ROSA-SA-2023-2120

Software: pki-core 10.5.18 OS: rosa-server79 packageevrstring: pki-core-10.5.18-16 CVE-ID: CVE-2022-2414 BDU-ID: 2022-05089 CVE-Crit: HIGH CVE-DESC: A vulnerability in the pki-core package of the Red Hat Enterprise Linux operating system is related to incorrectly restricting XML references to...

Advisory ROSA-SA-2023-2112

Software: grub2 2.02 OS: rosa-server79 packageevrstring: grub2-2.02-0.87 CVE-ID: CVE-2022-28733 BDU-ID: 2022-03372 CVE-Crit: HIGH CVE-DESC: A vulnerability in the grubnetrecvip4packets function of the Grub operating systems bootloader program is related to integer overflow. Exploitation of the...

Advisory ROSA-SA-2023-2096

Software: libXpm 3.5.12 OS: rosa-server79 packageevrstring: libXpm-3.5.12-1 CVE-ID: CVE-2022-4883 BDU-ID: 2023-00388 CVE-Crit: HIGH CVE-DESC: When processing files with .Z or .gz extensions, the library calls external programs to compress and decompress the files, relying on the PATH environment...

ROS-2-929

2.929 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client, is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotely...

Amazon Linux AMI : curl (ALAS-2020-1444)

The version of curl installed on the remote host is prior to 7.61.1-12.95. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1444 advisory. A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's mul...