Lucene search
K
AlmalinuxRecent

5315 matches found

AlmaLinux
AlmaLinux
•added 2023/09/12 12:0 a.m.•32 views

Moderate: libcap security update

Libcap is a library for getting and setting POSIX.1e formerly POSIX 6 draft 15 capabilities. Security Fixes: libcap: Integer Overflow in libcapstrdup CVE-2023-2603 libcap: Memory Leak on pthreadcreate Error CVE-2023-2602 For more details about the security issues, including the impact, a CVSS...

7.8CVSS7AI score0.00574EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/09/12 12:0 a.m.•37 views

Moderate: keylime security update

Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: registrar is subject to a DoS against SSL connections CVE-2023-38200 Keylime: challenge-response protocol bypass during agent registration CVE-2023-38201 For more...

7.5CVSS7AI score0.01142EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/09/12 12:0 a.m.•83 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a later upstream version: kernel 5.14.0. Security Fixes: kernel: UAF in nftables when nftsetlookupglobal triggered after handling named and anonymous sets in batch...

7.8CVSS7.7AI score0.05794EPSS
Exploits5References22
AlmaLinux
AlmaLinux
•added 2023/09/12 12:0 a.m.•32 views

Important: qemu-kvm security and bug fix update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote...

7.5CVSS7.1AI score0.01606EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/09/12 12:0 a.m.•18 views

Moderate: librsvg2 security update

The librsvg2 packages provide a Scalable Vector Graphics SVG library based on the libart library. Security Fixes: librsvg: Arbitrary file read when xinclude href has special characters CVE-2023-38633 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

5.5CVSS6.9AI score0.02132EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/09/12 12:0 a.m.•33 views

Moderate: dmidecode security update

The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface EFI, depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version...

7.1CVSS6.6AI score0.00523EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/09/12 12:0 a.m.•69 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: UAF in nftables when nftsetlookupglobal triggered after handling named and anonymous sets in batch requests CVE-2023-3390 kernel:...

7.8CVSS7.5AI score0.05794EPSS
Exploits5References22
AlmaLinux
AlmaLinux
•added 2023/09/12 12:0 a.m.•38 views

Moderate: linux-firmware security update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: hw: amd: Cross-Process Information Leak CVE-2023-20593 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

5.5CVSS7AI score0.05794EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/09/11 12:0 a.m.•33 views

Important: flac security update

FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files...

7.8CVSS7.6AI score0.00749EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/09/11 12:0 a.m.•38 views

Important: flac security update

FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files...

7.8CVSS7.6AI score0.00749EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/09/11 12:0 a.m.•50 views

Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyuwsgi HTTP response splitting CVE-2023-27522 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS7AI score0.02134EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/09/04 12:0 a.m.•63 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fixes: Mozilla: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Mozilla: Memory corruption in IPC...

8.8CVSS8AI score0.00693EPSS
Exploits0References26
AlmaLinux
AlmaLinux
•added 2023/09/04 12:0 a.m.•49 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fixes: Mozilla: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Mozilla: Memory corruption in IPC ColorPickerShownCallback CVE-2023-4574 Mozilla: Memory corruption...

8.8CVSS8AI score0.00693EPSS
Exploits0References26
AlmaLinux
AlmaLinux
•added 2023/09/04 12:0 a.m.•46 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fixes: Mozilla: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Mozilla: Memory corruption in IPC...

8.8CVSS8.6AI score0.00693EPSS
Exploits0References26
AlmaLinux
AlmaLinux
•added 2023/09/04 12:0 a.m.•55 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fixes: Mozilla: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Mozilla: Memory corruption in IPC ColorPickerShownCallback CVE-2023-4574 Mozilla: Memory corruption...

8.8CVSS8.5AI score0.00693EPSS
Exploits0References26
AlmaLinux
AlmaLinux
•added 2023/08/29 12:0 a.m.•27 views

Important: cups security update

The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: Information leak through Cups-Get-Document operation CVE-2023-32360 For more details about the security issues, including the impact, a CVSS score,...

5.5CVSS6.9AI score0.00347EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/29 12:0 a.m.•41 views

Important: cups security update

The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: Information leak through Cups-Get-Document operation CVE-2023-32360 For more details about the security issues, including the impact, a CVSS score,...

5.5CVSS6.9AI score0.00347EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/22 12:0 a.m.•43 views

Important: subscription-manager security update

The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the AlmaLinux entitlement platform. Security Fixes: subscription-manager: inadequate authorization of com.AlmaLinux.RHSM1 D-Bus interface allows local users to modify...

7.8CVSS6.7AI score0.00253EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/22 12:0 a.m.•32 views

Important: subscription-manager security update

The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the AlmaLinux entitlement platform. Security Fixes: subscription-manager: inadequate authorization of com.AlmaLinux.RHSM1 D-Bus interface allows local users to modify...

7.8CVSS6.7AI score0.00253EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/14 12:0 a.m.•29 views

Important: rust-toolset:rhel8 security update

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fixes: rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497 For more details about the security issues, including t...

7.9CVSS6.9AI score0.00763EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/14 12:0 a.m.•58 views

Important: .NET 7.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10...

7.8CVSS7.4AI score0.15519EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/08/14 12:0 a.m.•30 views

Important: rust security update

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fixes: rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497 For more details about the security issues, including t...

7.9CVSS6.9AI score0.00763EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/14 12:0 a.m.•141 views

Important: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21...

7.8CVSS6.8AI score0.15519EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/08/14 12:0 a.m.•31 views

Important: .NET 7.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10...

7.8CVSS6.8AI score0.15519EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/08/14 12:0 a.m.•36 views

Important: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21...

7.8CVSS7.4AI score0.15519EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•42 views

Moderate: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

7.2CVSS7AI score0.0119EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•61 views

Moderate: nodejs:16 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 16.20.1. BZ2223678, BZ2223680, BZ2223682, BZ2223684, BZ2223686, BZ2223688 Security Fixes: nodejs...

7.5CVSS7.6AI score0.03906EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•38 views

Moderate: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 postgresql: Client memory disclosure...

7.2CVSS6.9AI score0.0119EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•25 views

Important: iperf3 security update

Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss. Security Fixes: iperf3: memory allocation hazard and crash CVE-2023-38403 For more details about the security issues, including t...

7.5CVSS7AI score0.01703EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•44 views

Moderate: python-requests security update

The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fixes: python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

6.1CVSS7AI score0.02782EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•63 views

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: NULL dereference in xmlSchemaFixupComplexType CVE-2023-28484 libxml2: Hashing of empty dict strings isn't deterministic CVE-2023-29469 For more details about the security...

6.5CVSS7AI score0.01086EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•124 views

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in l2capconnect and l2capleconnectreq in net/bluetooth/l2capcore.c CVE-2022-42896 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows...

8.8CVSS7.3AI score0.02014EPSS
Exploits2References14
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•44 views

Moderate: libcap security update

Libcap is a library for getting and setting POSIX.1e formerly POSIX 6 draft 15 capabilities. Security Fixes: libcap: Integer Overflow in libcapstrdup CVE-2023-2603 libcap: Memory Leak on pthreadcreate Error CVE-2023-2602 For more details about the security issues, including the impact, a CVSS...

7.8CVSS7AI score0.00574EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•33 views

Important: iperf3 security update

Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss. Security Fixes: iperf3: memory allocation hazard and crash CVE-2023-38403 For more details about the security issues, including t...

7.5CVSS7AI score0.01703EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•31 views

Moderate: dbus security update

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fixes: dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered...

6.5CVSS7AI score0.01417EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•77 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: use-after-free in l2capconnect and l2capleconnectreq in net/bluetooth/l2capcore.c CVE-2022-42896 kernel: tcindex: use-after-free...

8.8CVSS7.4AI score0.02014EPSS
Exploits2References14
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•48 views

Moderate: postgresql:10 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

7.2CVSS6.9AI score0.0119EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•57 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: GSS delegation too eager connection re-use CVE-2023-27536 curl: IDN wildcard match may lead to Improper Cerificate...

5.9CVSS6.9AI score0.0181EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•71 views

Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 18.16.1. BZ2223630, BZ2223631, BZ2223632, BZ2223633, BZ2223635, BZ2223642 Security Fixes: nodejs...

7.5CVSS7.6AI score0.03906EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2023/08/07 12:0 a.m.•89 views

Moderate: dbus security update

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fixes: dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered...

6.5CVSS7AI score0.01417EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/08/07 12:0 a.m.•26 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Security Fixes: Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used during WASM compilation CVE-2023-4046 Mozilla:...

9.8CVSS8.4AI score0.13694EPSS
Exploits1References22
AlmaLinux
AlmaLinux
•added 2023/08/07 12:0 a.m.•30 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Security Fixes: Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used during WASM compilation CVE-2023-4046 Mozilla:...

9.8CVSS8.4AI score0.13694EPSS
Exploits1References22
AlmaLinux
AlmaLinux
•added 2023/08/03 12:0 a.m.•34 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.14.0 ESR. Security Fixes: Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used...

9.8CVSS8.4AI score0.13694EPSS
Exploits1References20
AlmaLinux
AlmaLinux
•added 2023/08/03 12:0 a.m.•29 views

Important: firefox security update

TODO: add package description This update upgrades Firefox to version 102.14.0 ESR. Security Fixes: Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used during WASM compilation CVE-2023-4046 Mozilla: Potential permissions request bypa...

9.8CVSS8.3AI score0.13694EPSS
Exploits1References20
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•16 views

Important: cjose security update

CJose is C library implementing the Javascript Object Signing and Encryption JOSE. Security Fixes: cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE CVE-2023-37464 For more details about the security issues, including the impact, a CVSS score,...

8.6CVSS7.6AI score0.006EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•41 views

Moderate: python-requests security update

The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fixes: python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

6.1CVSS7AI score0.02782EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•204 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: IDN wildcard match may lead to Improper Cerificate Validation CVE-2023-28321 curl: more POST-after-PUT confusion...

5.9CVSS7AI score0.02211EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•256 views

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: NULL dereference in xmlSchemaFixupComplexType CVE-2023-28484 libxml2: Hashing of empty dict strings isn't deterministic CVE-2023-29469 For more details about the security...

6.5CVSS7AI score0.01086EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•86 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipvlan: out-of-bounds write caused by unclear skb-cb CVE-2023-3090 kernel: clsflower: out-of-bounds write in flsetgeneveopt CVE-2023-35788 kernel: KVM: x86/mmu: race condition in...

7.8CVSS6.7AI score0.01377EPSS
Exploits6References12
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•88 views

Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Remote code execution in ssh-agent PKCS11 support CVE-2023-38408 For more details...

9.8CVSS7.7AI score0.76768EPSS
Exploits10References4
Total number of security vulnerabilities5315