Lucene search
K
AlmalinuxRecent

5315 matches found

AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.37 views

Moderate: xorg-x11-server-Xwayland security update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty CVE-2023-5367 xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions CVE-2023-6377 xorg-x11-server: out-of-bounds...

9.8CVSS9.5AI score0.02106EPSS
Exploits0References20
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.44 views

Moderate: ansible-core bug fix, enhancement, and security update

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

5.5CVSS5.6AI score0.00301EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.60 views

Moderate: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5CVSS7.3AI score0.0125EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.39 views

Moderate: buildah bug fix update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5CVSS8.7AI score0.01262EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.30 views

Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network VPN...

6.5CVSS7.1AI score0.00944EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.33 views

Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 grafana: vulnerable to authorization bypass CVE-2024-1313 For more...

7.5CVSS7.3AI score0.01533EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.29 views

Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: osbuild-composer: race condition may disable GPG verification for package repositories CVE-2024-2307 For more details about the security issues,...

6.1CVSS6.7AI score0.00188EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.29 views

Important: grafana-pcp security update

grafana-pcp is an open source Grafana plugin for PCP. Security Fixes: grafana-pcp: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS7.7AI score0.01533EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.32 views

Moderate: mingw components security update

MinGW Minimalist GNU for Windows is a free and open source software development environment to create Microsoft Windows applications. Security Fixes: binutils: Heap-buffer-overflow binutils-gdb/bfd/libbfd.c in bfdgetl64 CVE-2023-1579 For more details about the security issues, including the impac...

7.8CVSS6.5AI score0.00486EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.46 views

Moderate: traceroute security update

The traceroute utility displays the route used by IP packets on their way to a specified network or Internet host. Security Fixes: traceroute: improper command line parsing CVE-2023-46316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

5.5CVSS7AI score0.00367EPSS
Exploits2References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.34 views

Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing CVE-2024-25126 rubygem-rack: Possible DoS Vulnerability with Range Header in Rack CVE-2024-26141...

7.5CVSS6.6AI score0.35376EPSS
Exploits2References8
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.28 views

Moderate: mutt security update

Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fixes: mutt: null pointer dereference CVE-2023-4874 mutt: null pointer dereference...

6.5CVSS6.5AI score0.00719EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.45 views

Moderate: skopeo security and bug fix update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms...

7.5CVSS8.8AI score0.01956EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.47 views

Moderate: libvirt security and bug fix update

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fixes: libvirt: off-by-one error in udevListInterfacesByStatus...

6.2CVSS6.9AI score0.00398EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.31 views

Moderate: sssd security and bug fix update

The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch NSS and the Pluggable Authentication Modules PAM interfaces toward the system, and a pluggable back-end system ...

7.1CVSS7.4AI score0.01033EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.52 views

Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 golang: net/http/cookiejar: incorrect...

7.5CVSS7.8AI score0.91969EPSS
Exploits1References16
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.37 views

Moderate: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2:...

7.8CVSS7.2AI score0.00536EPSS
Exploits2References8
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.40 views

Low: mingw-glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GVariant offset table...

7.5CVSS7.5AI score0.0078EPSS
Exploits0References10
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.38 views

Moderate: toolbox security update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: html/template: improper handling of HTML-like comments within script contexts...

6.1CVSS7.9AI score0.01208EPSS
Exploits0References8
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.23 views

Moderate: tcpdump security update

The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. Security Fixes: tcpslice: use-after-free in extractslice CVE-2021-41043 For more details about th...

5.5CVSS6.7AI score0.0087EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.59 views

Moderate: qemu-kvm security update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: QEMU: e1000e: heap use-after-free in e1000ewritepackettoguest CVE-2023-3019...

7CVSS6.8AI score0.01891EPSS
Exploits1References12
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.42 views

Moderate: xorg-x11-server security update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty CVE-2023-5367...

9.8CVSS9.1AI score0.02106EPSS
Exploits0References22
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.32 views

Moderate: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. CVE-2023-45287 For more details about the security...

7.5CVSS7.5AI score0.0125EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.39 views

Moderate: podman security and bug fix update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in...

8.6CVSS8.8AI score0.01262EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.108 views

Moderate: mod_jk and mod_proxy_cluster security update

The modjk module is a plugin for the Apache HTTP Server to connect it with the Apache Tomcat servlet engine. The modproxycluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fixes: httpd: Apache Tomcat Connectors modjk Information Disclosure...

7.5CVSS6.1AI score0.02242EPSS
Exploits5References6
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.49 views

Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: httpd: CONTINUATION frames DoS CVE-2024-27316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS6.6AI score0.91327EPSS
Exploits2References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.44 views

Moderate: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: golang: io/fs: stack exhaustion in Glob CVE-2022-30630 golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: path/filepath: stack...

7.5CVSS7.8AI score0.01618EPSS
Exploits0References10
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.32 views

Moderate: libvirt security update

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fixes: libvirt: NULL pointer dereference in...

5.5CVSS6.7AI score0.0025EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.40 views

Moderate: python3.11-cryptography security update

The python-cryptography packages contain a Python Cryptographic Authority's PyCA's cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: NULL-dereference when loading PKCS7 certificates CVE-2023-49083 For more details...

7.5CVSS6.5AI score0.00985EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.53 views

Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS6.6AI score0.02978EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.24 views

Moderate: gstreamer1-plugins-base security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins. Security Fixes: gstreamer-plugins-base: heap overwrite in subtitle parsing CVE-2023-37328 For more details...

8.8CVSS6.6AI score0.01812EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.63 views

Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...

6.1CVSS6.1AI score0.00892EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.27 views

Moderate: zziplib security update

The zziplib is a lightweight library to easily extract data from zip files. Security Fixes: zziplib: invalid memory access at zzipdiskentrytofileheader in mmapped.c CVE-2020-18770 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

5.5CVSS6.5AI score0.00317EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.37 views

Important: tigervnc security update

Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...

7CVSS9.4AI score0.00715EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.36 views

Moderate: ipa security update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: freeipa: specially crafted HTTP requests potentially lead to denial of service CVE-2024-1481 For more...

5.3CVSS6.8AI score0.0111EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.63 views

Moderate: fence-agents security and bug fix update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: urllib3: Request body not stripped after redirect from 303 status chang...

6.1CVSS6.4AI score0.00892EPSS
Exploits0References8
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.60 views

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3: Cookie request header isn't stripped during cross-origin redirects CVE-2023-43804 For more details about the security issues, including the impact, a CVSS...

8.1CVSS9.6AI score0.01207EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.35 views

Moderate: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP reques...

7.5CVSS7.2AI score0.0125EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.26 views

Moderate: motif security update

The motif packages include the Motif shared libraries needed to run applications which are dynamically linked against Motif, as well as MWM, the Motif Window Manager. Security Fixes: libXpm: out of bounds read in XpmCreateXpmImageFromBuffer CVE-2023-43788 libXpm: out of bounds read on XPM with...

5.5CVSS5.6AI score0.00365EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.44 views

Moderate: qt5-qtbase security update

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fixes: qt: incorrect integer overflow check CVE-2023-51714 qtbase: potential buffer overflow when reading KTX images CVE-2024-25580 For more details...

9.8CVSS7.1AI score0.00986EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.44 views

Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...

8.8CVSS7.2AI score0.02009EPSS
Exploits0References10
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.39 views

Moderate: gnutls security update

The gnutls package provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: vulnerable to Minerva side-channel information leak CVE-2024-28834 gnutls: potential crash during chain...

5.3CVSS5.2AI score0.00718EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.43 views

Low: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname CVE-2023-6004 libssh: Missing checks for return values for digests...

5.3CVSS5.6AI score0.01421EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.77 views

Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS7.8AI score0.99995EPSS
Exploits1References14
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.38 views

Moderate: libjpeg-turbo security update

The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fixes: libjpeg-turbo:...

7.1CVSS6.6AI score0.00715EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.47 views

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: infinite loop via a crafted TIFF file CVE-2022-40090 libtiff: segmentation fault in Fax3Encode in libtiff/tiffax3.c CVE-2023-3618 libtiff: integer overflow in tiffcp....

6.5CVSS7.4AI score0.01131EPSS
Exploits1References12
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.34 views

Moderate: harfbuzz security update

HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: allows attackers to trigger On^2 growth via consecutive marks CVE-2023-25193 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...

7.5CVSS6.9AI score0.01812EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.32 views

Moderate: freeglut security update

freeglut is a completely open source alternative to the OpenGL Utility Toolkit GLUT library with an OSI approved free software license. Security Fixes: freeglut: memory leak via glutAddSubMenu function CVE-2024-24258 freeglut: memory leak via glutAddMenuEntry function CVE-2024-24259 For more...

7.5CVSS6.6AI score0.01147EPSS
Exploits2References6
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.34 views

Low: LibRaw security update

LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. Security Fixes: LibRaw: a heap-buffer-overflow in raw2imageex CVE-2023-1729 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

6.5CVSS6.6AI score0.01289EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.40 views

Moderate: libX11 security update

The libX11 packages contain the core X11 protocol client library. Security Fixes: libX11: out-of-bounds memory access in XkbReadKeySyms CVE-2023-43785 libX11: stack exhaustion from infinite recursion in PutSubImage CVE-2023-43786 libX11: integer overflow in XCreateImage leading to a heap overflow...

7.8CVSS7.1AI score0.00633EPSS
Exploits1References8
Total number of security vulnerabilities5315