Lucene search
K
AlmalinuxRecent

5315 matches found

AlmaLinux
AlmaLinux
•added 2024/07/02 12:0 a.m.•61 views

Moderate: linux-firmware security update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: kernel: Reserved fields in guest message responses may not be zero initialized CVE-2023-31346 For more details about the security issues, including the impact, a CVSS...

6CVSS7AI score0.00309EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/07/02 12:0 a.m.•23 views

Important: 389-ds security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ...

7.5CVSS6.9AI score0.01256EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/07/01 12:0 a.m.•147 views

Moderate: httpd:2.4/httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd:2.4: httpd: HTTP response splitting CVE-2023-38709 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.3CVSS6.8AI score0.03914EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/06/27 12:0 a.m.•29 views

Important: pki-core security update

The Public Key Infrastructure PKI Core contains fundamental packages required by AlmaLinux Certificate System. Security Fixes: dogtag ca: token authentication bypass vulnerability CVE-2023-4727 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

7.5CVSS7.5AI score0.00659EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/06/25 12:0 a.m.•32 views

Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.8CVSS7.7AI score0.00313EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/06/25 12:0 a.m.•40 views

Important: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.8CVSS7.6AI score0.00333EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/06/25 12:0 a.m.•58 views

Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...

9CVSS9.1AI score0.25334EPSS
Exploits34References12
AlmaLinux
AlmaLinux
•added 2024/06/25 12:0 a.m.•66 views

Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...

9CVSS9.1AI score0.25334EPSS
Exploits34References12
AlmaLinux
AlmaLinux
•added 2024/06/24 12:0 a.m.•50 views

Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.8CVSS7.6AI score0.00333EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/06/23 12:0 a.m.•18 views

Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network VPN...

6.5CVSS7.1AI score0.008EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/06/20 12:0 a.m.•53 views

Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: OPVP device arbitrary code execution via custom Driver library...

8.8CVSS7.3AI score0.01425EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/06/20 12:0 a.m.•37 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fixes: thunderbird: Use-after-free in networking CVE-2024-5702 thunderbird: Use-after-free in JavaScript object transplant CVE-2024-5688 thunderbird: External protocol...

8.6CVSS7.9AI score0.0107EPSS
Exploits1References16
AlmaLinux
AlmaLinux
•added 2024/06/20 12:0 a.m.•31 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fixes: thunderbird: Use-after-free in networking CVE-2024-5702 thunderbird: Use-after-free in JavaScript object transplant CVE-2024-5688 thunderbird: External protocol...

8.6CVSS7.9AI score0.0107EPSS
Exploits1References16
AlmaLinux
AlmaLinux
•added 2024/06/20 12:0 a.m.•30 views

Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: OPVP device arbitrary code execution via custom Driver library...

8.8CVSS7.3AI score0.01425EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/06/18 12:0 a.m.•38 views

Moderate: container-tools:rhel8 bug fix and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: podman: jose-go: improper handling of highly compressed data CVE-2024-28180 buildah: jose-go: improper handling of highly compressed data CVE-2024-28180 podman: jose-g...

5.9CVSS6.9AI score0.02085EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/06/17 12:0 a.m.•39 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fixes: firefox: Use-after-free in networking CVE-2024-5702 firefox: Use-after-free in JavaScript object transplant...

8.6CVSS7.8AI score0.0107EPSS
Exploits1References16
AlmaLinux
AlmaLinux
•added 2024/06/17 12:0 a.m.•27 views

Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: sandbox escape via RequestBackground portal CVE-2024-32462 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

8.4CVSS7AI score0.00512EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/06/17 12:0 a.m.•41 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fixes: firefox: Use-after-free in networking CVE-2024-5702 firefox: Use-after-free in JavaScript object transplant...

8.6CVSS7.5AI score0.0107EPSS
Exploits1References16
AlmaLinux
AlmaLinux
•added 2024/06/17 12:0 a.m.•34 views

Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: sandbox escape via RequestBackground portal CVE-2024-32462 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

8.4CVSS7AI score0.00512EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/06/11 12:0 a.m.•42 views

Moderate: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: jinja2: accepts keys containing non-attribute characters CVE-2024-34064...

5.4CVSS7AI score0.00979EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/06/11 12:0 a.m.•24 views

Low: c-ares security update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: Out of bounds read in aresreadline CVE-2024-25629 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

5.5CVSS5.4AI score0.00349EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/06/11 12:0 a.m.•38 views

Moderate: podman security and bug fix update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: jose-go: improper handling of highly compressed data CVE-2024-28180 podman: golan...

6.5CVSS5.5AI score0.02085EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/06/11 12:0 a.m.•27 views

Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fixes: gdk-pixbuf2: heap memory corruption on gdk-pixbuf CVE-2022-48622 For more details about the security issues,...

7.8CVSS7.1AI score0.00415EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/06/11 12:0 a.m.•34 views

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8CVSS9AI score0.01017EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/06/11 12:0 a.m.•25 views

Important: 389-ds-base security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ...

7.5CVSS6.9AI score0.01256EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/06/11 12:0 a.m.•30 views

Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: command injection when deleting a sosreport with a crafted...

7.3CVSS7.4AI score0.01181EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/06/11 12:0 a.m.•53 views

Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0. AlmaLinux-35740 Security Fixes: ruby/cgi-gem: HTTP response...

9.8CVSS9AI score0.02637EPSS
Exploits1References14
AlmaLinux
AlmaLinux
•added 2024/06/11 12:0 a.m.•33 views

Moderate: containernetworking-plugins security and bug fix update

The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

6.5CVSS5.2AI score0.01165EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/06/11 12:0 a.m.•45 views

Moderate: buildah security and bug fix update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

6.5CVSS5.5AI score0.02085EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/06/11 12:0 a.m.•31 views

Moderate: python-idna security update

The hsakmt packages include a thunk library for AMD's Heterogeneous System Architecture HSA Linux kernel driver amdkfd. Security Fixes: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode CVE-2024-3651...

7.5CVSS6.8AI score0.01386EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2024/06/11 12:0 a.m.•28 views

Moderate: gvisor-tap-vsock security and bug fix update

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fixes: golang:...

6.5CVSS5.2AI score0.01165EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/06/11 12:0 a.m.•34 views

Moderate: rpm-ostree security update

The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and...

6.2CVSS7.5AI score0.00328EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/06/10 12:0 a.m.•27 views

Important: idm:DL1 security update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: CVE-2024-2698 freeipa: delegation rules allow a proxy service to impersonate any user to access another...

8.8CVSS6.9AI score0.02053EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/06/10 12:0 a.m.•26 views

Important: ipa security update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: freeipa: delegation rules allow a proxy service to impersonate any user to access another target service...

8.8CVSS6.9AI score0.02053EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/06/10 12:0 a.m.•42 views

Moderate: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fixes: firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsi...

8.8CVSS7.8AI score0.72648EPSS
Exploits18References14
AlmaLinux
AlmaLinux
•added 2024/06/10 12:0 a.m.•39 views

Moderate: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fixes: firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsing mode CVE-2024-4767 firefox: Potential...

8.8CVSS7.8AI score0.72648EPSS
Exploits18References14
AlmaLinux
AlmaLinux
•added 2024/06/06 12:0 a.m.•45 views

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.3. AlmaLinux-37446 Security Fixes: ruby: Buffer overread vulnerabili...

9.8CVSS7AI score0.02364EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/06/06 12:0 a.m.•38 views

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.1. AlmaLinux-35449 Security Fixes: ruby: Buffer overread vulnerabili...

9.8CVSS9.4AI score0.02364EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/06/06 12:0 a.m.•39 views

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.3. AlmaLinux-37697 Security Fixes: ruby: Buffer overread vulnerabili...

9.8CVSS6.3AI score0.02364EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/06/06 12:0 a.m.•24 views

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network...

5.9CVSS7.3AI score0.00535EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/06/06 12:0 a.m.•30 views

Moderate: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: command injection when deleting a sosreport with a crafted...

7.3CVSS7.5AI score0.01181EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/06/06 12:0 a.m.•40 views

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: Apache Tomcat: HTTP/2 header handling DoS CVE-2024-24549 Apache Tomcat: WebSocket DoS with incomplete closing handshake CVE-2024-23672 Bug Fixes: Rebase tomcat to version 9.0.87...

7.5CVSS9.7AI score0.23072EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2024/06/06 12:0 a.m.•29 views

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network...

5.9CVSS7.2AI score0.00535EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2024/06/05 12:0 a.m.•60 views

Moderate: kernel update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation CVE-2023-6240 kernel: Information disclosure in vhost/vhost.c:vhostnewmsg CVE-2024-0340 kernel: untrusted VMM can...

8.8CVSS6.9AI score0.00969EPSS
Exploits0References116
AlmaLinux
AlmaLinux
•added 2024/06/05 12:0 a.m.•21 views

Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref CVE-2024-26735 kernel: fs: sysfs: Fix reference leak in sysfsbreakactiveprotection CVE-2024-26993 For more details about the...

5.5CVSS7.2AI score0.00272EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2024/06/05 12:0 a.m.•38 views

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: use-after-free in XMLReader CVE-2024-25062 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

7.5CVSS7.8AI score0.01364EPSS
Exploits3References4
AlmaLinux
AlmaLinux
•added 2024/06/05 12:0 a.m.•66 views

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation CVE-2023-6240 kernel: Information disclosure in...

8.8CVSS7AI score0.00969EPSS
Exploits0References108
AlmaLinux
AlmaLinux
•added 2024/06/03 12:0 a.m.•46 views

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Buffer overread vulnerability in StringIO CVE-2024-27280...

9.8CVSS7.2AI score0.02364EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2024/05/30 12:0 a.m.•51 views

Moderate: ruby:3.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS...

9.8CVSS6.7AI score0.02637EPSS
Exploits1References14
AlmaLinux
AlmaLinux
•added 2024/05/30 12:0 a.m.•46 views

Moderate: nghttp2 security update

libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: CONTINUATION frames DoS CVE-2024-28182 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refe...

5.3CVSS6.6AI score0.8496EPSS
Exploits1References4
Total number of security vulnerabilities5315