5315 matches found
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Use-after-free in Animation timeline 128.3.1 ESR Chemspill CVE-2024-9680 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Use-after-free in Animation timeline 128.3.1 ESR Chemspill CVE-2024-9680 For more details about the security issues, including the impact, a CVSS score,...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Use-after-free in Animation timeline 128.3.1 ESR Chemspill CVE-2024-9680 For more details about the security issues, including the impact, a CVSS score,...
Important: .NET 6.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.135 and .NET Runtime 6.0.35...
Important: .NET 8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.110 and .NET Runtime 8.0.10...
Important: .NET 6.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.135 and .NET Runtime 6.0.35...
Important: .NET 8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.110 and .NET Runtime 8.0.10...
Low: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: SSLselectnextproto buffer overread CVE-2024-5535 For more details about the security issues,...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: 115.16/128.3 firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service CVE-2024-9399 firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: 115.16/128.3 ESR firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service CVE-2024-9399 firefox: thunderbird: Memory safety...
Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Moderate: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in t...
Important: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: kernel: hw:amd:IOMMU improperly handles certain special address leading to a loss of guest integrity CVE-2023-20584 kernel: hw: amd:Incomplete system memory cleanup in SE...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: 115.16/128.3 ESR firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3...
Moderate: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: kernel: hw:amd:IOMMU improperly handles certain special address leading to a loss of guest integrity CVE-2023-20584 kernel: hw: amd:Incomplete system memory cleanup in SE...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: 115.16/128.3 firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service CVE-2024-9399 firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131...
Moderate: mod_jk bug fix update
The modjk module is an Apache HTTP Server plug-in that enables the Apache HTTP Server to connect with the Apache Tomcat servlet engine. Bug Fixes: Rebase to upstream 1.2.50 release JIRA:AlmaLinux-58855 Security fixes: modjk: information Disclosure / DoS CVE-2024-46544 JIRA:AlmaLinux-59800...
Important: cups-filters security update
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System CUPS distribution but is now maintained independently. Security Fixes: cups-browsed: cups-browsed binds on UDP INADDRANY:631 trusting any packet from any source...
Moderate: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: net/http: Denial of service due to improper 100-continue handling in net/http CVE-2024-24791 For more details about the security issues, including the impact, a CVSS score...
Important: cups-filters security update
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System CUPS distribution but is now maintained independently. Security Fixes: cups-browsed: cups-browsed binds on UDP INADDRANY:631 trusting any packet from any source...
Important: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...
Moderate: net-snmp security update
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol SNMP, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command...
Important: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...
Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structure...
Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structure...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: CVE-2023-6040 CVE-2024-26595 CVE-2024-26600 CVE-2021-46984 CVE-2023-52478 CVE-2023-52476 CVE-2023-52522 CVE-2021-47101 CVE-2021-47097 CVE-2023-52605 CVE-2024-26638 CVE-2024-26645 CVE-2024-26665...
Moderate: gtk3 security update
The GTK+ library provides a multi-platform toolkit for creating graphical user interfaces. The gtk3 packages contain GTK+ version 3. Security Fixes: gtk3: gtk2: Library injection from CWD CVE-2024-6655 For more details about the security issues, including the impact, a CVSS score, acknowledgments...
Moderate: dovecot security update
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...
Moderate: python3.12 security update
Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...
Moderate: python3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: expat security update
Expat is a C library for parsing XML documents. Security Fixes: libexpat: Negative Length Parsing Vulnerability in libexpat CVE-2024-45490 libexpat: Integer Overflow or Wraparound CVE-2024-45491 libexpat: integer overflow CVE-2024-45492 For more details about the security issues, including the...
Moderate: virt:rhel and virt-devel:rhel security update
Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...
Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: CVE-2023-6040 CVE-2024-26595 CVE-2021-46984 CVE-2023-52478 CVE-2023-52476 CVE-2023-52522 CVE-2021-47101 CVE-2021-47097 CVE-2023-52605...
Moderate: emacs security update
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: Gnus treats inline MIME contents as trusted CVE-2024-30203 emacs: Org mode considers...
Moderate: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 golang: crypto/x509: Verify panics on certificates with an unknown public key algorith...
Low: nano security update
GNU nano is a small and friendly text editor. Security Fixes: nano: running chmod and chown on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file CVE-2024-5742 For more details about the security issues, including the impact, a CVSS scor...
Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: uio: Fix use-after-free in uioopen CVE-2023-52439 kernel: net/sched: actmirred: don't override retval if we already lost the skb CVE-2024-26739 kernel: ARM: 9359/1: flush: check if the...
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: net/http: Denial of service due to improper 100-continue handling in net/http CVE-2024-24791 go/parser: golang: Calling any of the Parse functions containing deeply nested...
Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: net/http: Denial of service due to improper 100-continue handling in net/http CVE-2024-24791 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion...
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156 For more details...
Important: grafana-pcp security update
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deepl...
Important: pcp security update
Performance Co-Pilot PCP is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...
Important: pcp security update
Performance Co-Pilot PCP is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...
Moderate: ruby:3.3 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...
Moderate: libnbd security update
Network Block Device NBD is a protocol for accessing Block Devices hard disks and disk-like devices over a Network. The libnbd is a userspace client library for writing NBD clients. Security Fixes: libnbd: NBD server improper certificate validation CVE-2024-7383 For more details about the securit...
Moderate: expat security update
Expat is a C library for parsing XML documents. Security Fixes: libexpat: Negative Length Parsing Vulnerability in libexpat CVE-2024-45490 libexpat: Integer Overflow or Wraparound CVE-2024-45491 libexpat: integer overflow CVE-2024-45492 For more details about the security issues, including the...
Moderate: ruby:3.3 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...
Moderate: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Possible denial of service in X.509 name checks CVE-2024-6119 For more details about the security...
Important: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: pypa/setuptools: Remote code execution via download functions in the...