Lucene search
K
AlmalinuxRecent

5315 matches found

AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•28 views

Moderate: tang security update

Tang is a server for binding data to network presence. It includes a daemon which provides cryptographic operations for binding to a remote service. The tang package provides the server side of the Network Bound Disk Encryption NBDE project. Security Fixes: tang: Race condition exists in the key...

5.3CVSS7.2AI score0.00568EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•34 views

Moderate: python-tornado security update

Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and tools. Security Fixes: python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations CVE-2023-28370 For more details...

6.1CVSS7.1AI score0.01132EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•26 views

Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network VPN...

6.5CVSS7.3AI score0.00691EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•76 views

Moderate: podman security, bug fix, and enhancement update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http...

9.8CVSS6.9AI score0.04561EPSS
Exploits1References28
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•60 views

Moderate: samba security, bug fix, and enhancement update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version:...

7.5CVSS7.2AI score0.62606EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•44 views

Moderate: wireshark security update

The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fixes: wireshark: RTPS dissector crash CVE-2023-0666 wireshark: IEEE C37.118 Synchrophasor dissector crash CVE-2023-0668 wireshark: Candump log file parser cra...

6.5CVSS7.1AI score0.02256EPSS
Exploits6References14
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•52 views

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...

9.8CVSS7.3AI score0.27095EPSS
Exploits3References6
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•26 views

Moderate: perl-CPAN security update

The CPAN module is a tool to query, download and build perl modules from CPAN sites. Security Fixes: perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS CVE-2023-31484 For more details about the security issues, including the impact, a CVSS score,...

8.1CVSS7.1AI score0.01548EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•43 views

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.8CVSS7.2AI score0.65692EPSS
Exploits2References10
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•59 views

Moderate: flatpak security, bug fix, and enhancement update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. The following packages have been upgraded to a later upstream version: flatpak 1.12.8. BZ2221792 Security Fixes: flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual consol...

10CVSS7.5AI score0.00887EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•43 views

Moderate: ghostscript security and bug fix update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: buffer overflow in base/sbcp.c leading to data corruption CVE-2023-28879...

9.8CVSS7.9AI score0.06341EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•51 views

Moderate: binutils security update

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fixes: binutils: NULL pointer...

5.5CVSS7.3AI score0.00437EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•29 views

Moderate: libqb security update

The libqb packages provide a library with the primary purpose of providing high performance client/server reusable features, such as high performance logging, tracing, inter-process communication, and polling. Security Fixes: libqb: Buffer overflow in logblackbox.c CVE-2023-39976 For more details...

9.8CVSS7.4AI score0.00984EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•67 views

Important: webkit2gtk3 security and bug fix update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: arbitrary code execution CVE-2023-32393 webkitgtk: bypass Same Origin Policy CVE-2023-38572 webkitgtk: Processing web content may lead to arbitrary code execution CVE-2023-38592...

9.8CVSS8.2AI score0.01521EPSS
Exploits0References38
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•40 views

Low: glib2 security and bug fix update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GVariant offset table...

7.5CVSS7.1AI score0.00768EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•48 views

Moderate: c-ares security, bug fix, and enhancement update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. The following packages have been upgraded to a later upstream version: c-ares 1.19.1. BZ2210370 Security Fixes: c-ares: buffer overflow in configsortlist due to missing string length check...

8.6CVSS7.7AI score0.01232EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•48 views

Moderate: python-pip security update

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index PyPI. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...

9.8CVSS7.2AI score0.27095EPSS
Exploits3References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•37 views

Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: Ghostscript: GhostPDL can lead to remote code execution via crafted PostScript documen...

8.8CVSS8.3AI score0.0468EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•44 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: GSS delegation too eager connection re-use CVE-2023-27536 curl: TELNET option IAC injection CVE-2023-27533 curl: SFTP...

9.8CVSS7.4AI score0.02195EPSS
Exploits4References10
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•78 views

Moderate: avahi security update

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other...

5.5CVSS5.8AI score0.0045EPSS
Exploits2References8
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•60 views

Moderate: perl-HTTP-Tiny security update

HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl. Security Fixes: http-tiny: insecure TLS cert default CVE-2023-31486 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in th...

8.1CVSS7.1AI score0.01742EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•34 views

Moderate: libmicrohttpd security update

GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application. Security Fixes: libmicrohttpd: remote DoS CVE-2023-27371 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

5.9CVSS7.1AI score0.01243EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•44 views

Moderate: cups security and bug fix update

The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: heap buffer overflow may lead to DoS CVE-2023-32324 cups: use-after-free in cupsdAcceptClient in scheduler/client.c CVE-2023-34241 For more details about t...

7.5CVSS7.8AI score0.01473EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•37 views

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: null pointer dereference in LZWDecode in libtiff/tiflzw.c CVE-2023-2731 libtiff: tiffcrop: null pointer dereference in TIFFClose CVE-2023-3316 libtiff: memory leak in...

6.5CVSS7.1AI score0.01124EPSS
Exploits4References12
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•69 views

Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...

9.8CVSS7.2AI score0.27095EPSS
Exploits3References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•40 views

Moderate: ncurses security and bug fix update

The ncurses new curses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo...

7.8CVSS7.3AI score0.00923EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•37 views

Moderate: krb5 security and bug fix update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

8.8CVSS7.3AI score0.02107EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•83 views

Important: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: a heap-based buffer overflow in the SOCKS5 proxy handshake CVE-2023-38545 curl: cookie injection with none file...

9.8CVSS8.2AI score0.78483EPSS
Exploits6References6
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•44 views

Moderate: python3.11-pip security update

pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index PyPI. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...

9.8CVSS7.2AI score0.27095EPSS
Exploits3References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•35 views

Moderate: LibRaw security update

LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. Security Fixes: LibRaw: stack buffer overflow in LibRawbufferdatastream::gets in src/librawdatastream.cpp CVE-2021-32142 For more details about the security issues, including the...

7.8CVSS7.7AI score0.00424EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•33 views

Moderate: cloud-init security, bug fix, and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: sensitive data could be exposed in logs CVE-2023-1786...

5.5CVSS7AI score0.00263EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•37 views

Moderate: edk2 security, bug fix, and enhancement update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Function GetEfiGlobalVariable2 return value not checked in DxeImageVerificationHandler CVE-2019-14560 openssl: Possibl...

6.5CVSS7AI score0.73461EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•65 views

Moderate: httpd and mod_http2 security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.57. BZ2184403 Security Fixes: httpd: modproxyuwsgi HTTP response splitting CVE-2023-27522 For more details about th...

7.5CVSS7.2AI score0.02134EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•58 views

Low: gdb security update

The GNU Debugger GDB allows users to debug programs written in various programming languages including C, C++, and Fortran. Security Fixes: libiberty: Heap/stack buffer overflow in the dlanglname function in d-demangle.c CVE-2021-3826 For more details about the security issues, including the...

6.5CVSS7.5AI score0.01089EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•45 views

Moderate: qt5 security and bug fix update

Qt is a software toolkit for developing applications. Security Fixes: qt: buffer over-read via a crafted reply from a DNS server CVE-2023-33285 qt: allows remote attacker to bypass security restrictions caused by flaw in certificate validation CVE-2023-34410 qtbase: buffer overflow in...

7.5CVSS7.7AI score0.01324EPSS
Exploits1References12
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•36 views

Low: libpq security update

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql: Client memory disclosure when connecting with Kerberos to modified server CVE-2022-41862 For more details about the security issues, including the...

3.7CVSS7AI score0.00616EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•36 views

Moderate: libfastjson security update

The libfastjson library provides essential JavaScript Object Notation JSON handling functions. The library enables users to construct JSON objects in C, output them as JSON-formatted strings, and convert JSON-formatted strings back to the C representation of JSON objects. Security Fixes: json-c,...

7.8CVSS7.3AI score0.01888EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•32 views

Moderate: liblouis security update

Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through...

7.5CVSS7.7AI score0.01498EPSS
Exploits2References8
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•26 views

Moderate: librabbitmq security update

The librabbitmq packages provide an Advanced Message Queuing Protocol AMQP client library that allows you to communicate with AMQP servers using protocol version 0-9-1. Security Fixes: rabbitmq-c/librabbitmq: Insecure credentials submission CVE-2023-35789 For more details about the security issue...

5.5CVSS7AI score0.00214EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•27 views

Moderate: libX11 security update

The libX11 packages contain the core X11 protocol client library. Security Fixes: libX11: InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow CVE-2023-3138 For more details about the security issues, including the impact, a CVSS...

7.5CVSS7.7AI score0.01656EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•112 views

Moderate: frr security and bug fix update

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fixes: frr: Reachable assertion in peekforas4capability function CVE-2022-36440 frr: denial of service by crafting a BGP OPEN message...

7.5CVSS7.2AI score0.02107EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•27 views

Low: tpm2-tss security and enhancement update

The tpm2-tss packages provide the Intel implementation of the Trusted Platform Module TPM 2.0 System API library. This library enables programs to interact with TPM 2.0 devices Security Fixes: tpm2-tss: Buffer Overlow in TSS2RCDecode CVE-2023-22745 For more details about the security issues,...

6.4CVSS7.1AI score0.00519EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•24 views

Low: procps-ng security and bug fix update

The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fixes: procps: ps buffer overflow CVE-2023-4016 For more details about the security issues, including...

3.3CVSS7.6AI score0.00239EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•89 views

Important: linux-firmware security, bug fix, and enhancement update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: hw: intel: Improper access control for some IntelR PROSet/Wireless WiFi CVE-2022-27635 hw: intel: Improper access control for some IntelR PROSet/Wireless WiFi...

8.2CVSS7.2AI score0.0616EPSS
Exploits1References14
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•26 views

Low: shadow-utils security and bug fix update

The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts. Security Fixes: shadow-utils: possible password leak during passwd1 change CVE-2023-4641 For more details about the security...

5.5CVSS7.2AI score0.00257EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•60 views

Moderate: python-cryptography security update

The python-cryptography packages contain a Python Cryptographic Authority's PyCA's cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: memory corruption via immutable objects CVE-2023-23931 For more details about the...

6.5CVSS7.3AI score0.01301EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•47 views

Low: pcs security, bug fix, and enhancement update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: decode-uri-component: improper input validation resulting in DoS CVE-2022-38900 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

7.5CVSS7.1AI score0.24928EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•61 views

Moderate: mod_auth_openidc security and bug fix update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...

7.5CVSS7.2AI score0.01327EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•88 views

Moderate: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: golang: crypto/tls: large handshake records may cause panics CVE-2022-41724 runc: Rootless runc makes /sys/fs/cgroup writable CVE-2023-25809 runc: volume mount...

7.8CVSS7.3AI score0.01663EPSS
Exploits3References12
AlmaLinux
AlmaLinux
•added 2023/11/07 12:0 a.m.•70 views

Moderate: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http, golang.org/x/net/http2: avoid quadrati...

9.8CVSS7.2AI score0.04561EPSS
Exploits0References24
Total number of security vulnerabilities5315