5313 matches found
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 CVE-2025-0243 firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134,...
Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: WebKitGTK: Processing maliciously crafted web content may lead to an unexpected process crash CVE-2024-54479 webkit: Processing maliciously crafted web content may lead to an unexpected process...
Important: dpdk security update
The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: dpdk: Denial Of Service from malicious guest on hypervisors using DPDK Vhost library CVE-2024-11614 For more details about the security...
Important: iperf3 security update
Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss. Security Fixes: iperf: Denial of Service in iperf Due to Improper JSON Handling CVE-2024-53580 For more details about the securit...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: i40e: fix race condition by adding filter's intermediate sync state CVE-2024-53088 kernel: mptcp: cope racing subflow creation in mptcprcvspaceadjust CVE-2024-53122 For more details about...
Low: cups security update
The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: libppd: remote command injection via attacker controlled data in PPD file CVE-2024-47175 For more details about the security issues, including the impact, ...
Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: i40e: fix race condition by adding filter's intermediate sync state CVE-2024-53088 kernel: mptcp: cope racing subflow creation in...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: perf/aux: Fix AUX buffer serialization CVE-2024-46713 kernel: RDMA/bnxtre: Fix a bug while setting up Level-2 PBL pages CVE-2024-50208 kernel: mlxsw: spectrumipip: Fix memory leak when...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Use-after-free when breaking lines in text CVE-2025-0238 firefox: Memory corruption when using JavaScript Text Segmentation CVE-2025-0241 firefox: Alt-Svc ALPN...
Moderate: python-requests security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth: l2cap: fix null-ptr-deref in l2capchantimeout CVE-2024-27399 kernel: bpf: Add BPFPROGTYPECGROUPSKB attach type enforcement in BPFLINKCREATE CVE-2024-38564 kernel: bpf: Fix a...
Important: gstreamer1-plugins-base security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins. Security Fixes: gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in...
Moderate: tuned security update
The tuned packages provide a service that tunes system settings according to a selected profile. Security Fixes: tuned: improper sanitization of instancename parameter of the instancecreate method CVE-2024-52337 For more details about the security issues, including the impact, a CVSS score,...
Moderate: python3.11-urllib3 security update
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: Request body not stripped after redirect from 303 status changes request method to GET CVE-2023-45803 For more details about the security issues, including the...
Moderate: edk2:20220126gitbb1bba3d77 security update
EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Integer overflows in PeCoffLoaderRelocateImage CVE-2024-38796 For more details about the security issues, including th...
Important: gstreamer1-plugins-good security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fixes: gstreamer1-plugins-good: uninitialized stack memory in...
Moderate: python3.11-urllib3 security update
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: Request body not stripped after redirect from 303 status changes request method to GET CVE-2023-45803 For more details about the security issues, including the...
Moderate: mpg123:1.32.9 security update
The mpg123 packages contain real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2, and 3 most commonly MPEG 1.0 layer 3 also known as MP3, as well as re-usable decoding and output libraries. Security Fixes: mpg123: Buffer overflow when writing decoded PCM samples CVE-2024-10573 For more...
Moderate: edk2:20240524 security update
EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Integer overflows in PeCoffLoaderRelocateImage CVE-2024-38796 For more details about the security issues, including th...
Moderate: pam security update
Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: pam: libpam: Libpam vulnerable to read hashed password CVE-2024-10041 For more details about the security issues, including the...
Moderate: libsndfile:1.0.31 security update
libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fixes: libsndfile: Segmentation fault error in oggvorbis.c:417 vorbisanalysiswrote CVE-2024-50612 For more details about the security issues, including the impact, a CVSS score,...
Moderate: containernetworking-plugins security update
The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...
Moderate: unbound:1.16.2 security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Unbounded name compression could lead to Denial of Service CVE-2024-8508 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Important: skopeo security update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack...
Moderate: libsndfile security update
libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fixes: libsndfile: Segmentation fault error in oggvorbis.c:417 vorbisanalysiswrote CVE-2024-50612 For more details about the security issues, including the impact, a CVSS score,...
Moderate: mpg123 security update
The mpg123 packages contain real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2, and 3 most commonly MPEG 1.0 layer 3 also known as MP3, as well as re-usable decoding and output libraries. Security Fixes: mpg123: Buffer overflow when writing decoded PCM samples CVE-2024-10573 For more...
Moderate: bluez security update
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts AlmaLinux, and pcmcia configuration files. Security Fixes: bluez: unauthorized HID device connections allows keystroke injection and arbitrary...
Important: gstreamer1-plugins-good security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fixes: gstreamer1-plugins-good: uninitialized stack memory in...
Important: gstreamer1-plugins-base security update
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins. Security Fixes: gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in...
Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header CVE-2024-21510 For more details about the security issues, including the impact, a CVSS score,...
Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: python3.9:3.9.21 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: python36:3.6 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: 1-byte array overrun in common path resolve code CVE-2023-0568 php: Passwordverify always return true with some hash CVE-2023-0567 php: Missing error check and insufficient random bytes in...
Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: selinux,smack: don't bypass permissions check in inodesetsecctx hook CVE-2024-46695 kernel: net: avoid potential underflow in...
Moderate: php:8.2 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk CVE-2024-3096 php: Filter bypass in filtervar...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: selinux,smack: don't bypass permissions check in inodesetsecctx hook CVE-2024-46695 kernel: net: avoid potential underflow in qdiscpktleninit with UFO CVE-2024-49949 kernel: blk-rq-qos: f...
Moderate: php:8.1 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk CVE-2024-3096 php: Filter bypass in filtervar...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/smc: fix illegal rmbdesc access in SMC-D connection dump CVE-2024-26615 kernel: block: initialize integrity buffer to zero before writing it to media CVE-2024-43854 kernel: iommu:...
Moderate: php:8.2 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk CVE-2024-3096 php: Filter bypass in filtervar...
Important: postgresql:16 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...
Important: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...
Important: ruby:3.1 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...
Important: postgresql:13 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...
Important: postgresql:15 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...
Important: ruby security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...
Important: ruby:3.1 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...