5315 matches found
Important: postgresql:13 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...
Important: unbound security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387 bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources CVE-2023-50868 For more details about th...
Important: postgresql:15 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...
Moderate: opensc security update
The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: OpenSC: Side-channel leaks while stripping...
Important: postgresql:10 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.8.0 ESR. Security Fixes: Mozilla: Out-of-bounds memory read in networking channels CVE-2024-1546 Mozilla: Alert dialog could have been spoofe...
Important: postgresql:12 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...
Important: unbound security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387 bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources CVE-2023-50868 For more details about th...
Moderate: opensc security update
The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: OpenSC: Side-channel leaks while stripping...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fixes: Mozilla: Out-of-bounds memory read in networking channels CVE-2024-1546 Mozilla: Alert dialog could have been spoofed on another site CVE-2024-1547 Mozilla: Memory...
Important: postgresql:15 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.8.0 ESR. Security Fixes: Mozilla: Out-of-bounds memory read in networking channels CVE-2024-1546 Mozilla: Alert dialog could have been spoofe...
Important: postgresql security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...
Moderate: oniguruma security update
Oniguruma is a regular expressions library that supports a variety of character encodings. Security Fixes: oniguruma: Use-after-free in onignewdeluxe in regext.c CVE-2019-13224 oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c CVE-2019-16163 oniguruma: integer overflow i...
Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: cmd/go: Protocol Fallback when fetching modules CVE-2023-452...
Moderate: mysql:8.0 security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: mysql: InnoDB unspecified vulnerability CPU Apr 2023 CVE-2023-21911 mysql: Server: DDL unspecified vulnerability CPU Apr 2023...
Low: edk2 security update
EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: Excessive time spent checking DH keys and parameters CVE-2023-3446 For more details about the security issues,...
Important: python-pillow security update
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Security Fixes: pillow: Arbitrary Code Execution via the environment parameter CVE-2023-50447 For mor...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: schhfsc UAF CVE-2023-4623 kernel: use-after-free in schqfq network scheduler CVE-2023-4921 kernel: inactive elements in nftpipapowalk CVE-2023-6817 kernel: IGB driver inadequat...
Important: gimp:2.8 security update
The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: PSD buffe...
Important: .NET 8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.102 and .NET Runtime 8.0.2...
Important: .NET 8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.102 and .NET Runtime 8.0.2...
Moderate: sudo security update
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Bug Fixes and Enhancements: CVE-2023-28487 sudo: Sudo does no...
Important: dotnet7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.116 and .NET Runtime 7.0.16...
Important: dotnet6.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.127 and .NET Runtime 6.0.27...
Important: dotnet6.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.127 and .NET Runtime 6.0.27...
Important: dotnet7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.116 and .NET Runtime 7.0.16...
Moderate: tcpdump security update
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. Security Fixes: tcpslice: use-after-free in extractslice CVE-2021-41043 For more details about th...
Moderate: nss security update
Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: vulnerable to Minerva side-channel information leak CVE-2023-6135 For more details about the security issues, including t...
Moderate: libmaxminddb security update
The libmaxminddb package contains the MaxMind DB library. Security Fixes: libmaxminddb: improper initialization in dumpentrydatalist in maxminddb.c CVE-2020-28241 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer ...
Moderate: nss security update
Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: vulnerable to Minerva side-channel information leak CVE-2023-6135 For more details about the security issues, including t...
Important: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: file descriptor leak CVE-2024-21626 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related informatio...
Important: container-tools:4.0 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: file descriptor leak "Leaky Vessels" CVE-2024-21626 A AlmaLinux Security Bulletin which addresses further details about the Leaky Vessels flaw is available in th...
Important: gimp security update
The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: dds buffe...
Important: runc security update
The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: runc: file descriptor leak CVE-2024-21626 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Moderate: rpm security update
The RPM Package Manager RPM is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fixes: rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls...
Moderate: libssh security update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: ssh: Prefix truncation attack on Binary Packet Protocol BPP CVE-2023-48795 For more details about the security issues, including the impact, a CVSS score,...
Moderate: gnutls security update
The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: incomplete fix for CVE-2023-5981 CVE-2024-0553 For more details about the security issues, including the impact,...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.7.0. Security Fixes: Mozilla: Out of bounds write in ANGLE CVE-2024-0741 Mozilla: Failure to update user input timestamp CVE-2024-0742 Mozilla: Crash when listing printers on Linux...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.7.0 ESR. Security Fixes: Mozilla: Out of bounds write in ANGLE CVE-2024-0741 Mozilla: Failure to update user input timestamp CVE-2024-0742...
Important: tigervnc security update
Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...
Important: tigervnc security update
Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...
Moderate: openssh security update
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: ssh: Prefix truncation attack on Binary Packet Protocol BPP CVE-2023-48795 openssh: potential...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.7.0 ESR. Security Fixes: Mozilla: Out of bounds write in ANGLE CVE-2024-0741 Mozilla: Failure to update user input timestamp CVE-2024-0742...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.7.0. Security Fixes: Mozilla: Out of bounds write in ANGLE CVE-2024-0741 Mozilla: Failure to update user input timestamp CVE-2024-0742 Mozilla: Crash when listing printers on Linux...
Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: HTTP request smuggling via malformed trailer headers CVE-2023-46589 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Moderate: gnutls security update
The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the RSA-PSK authentication CVE-2023-5981 gnutls: incomplete fix for CVE-2023-5981...
Moderate: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: grub2 security update
The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: bypass the...
Moderate: python-urllib3 security update
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3: Cookie request header isn't stripped during cross-origin redirects CVE-2023-43804 urllib3: Request body not stripped after redirect from 303 status changes...