Lucene search
K
AlmalinuxRecent

5355 matches found

AlmaLinux
AlmaLinux
•added 2023/09/11 12:0 a.m.•50 views

Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyuwsgi HTTP response splitting CVE-2023-27522 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS7AI score0.02134EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/09/04 12:0 a.m.•63 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fixes: Mozilla: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Mozilla: Memory corruption in IPC...

8.8CVSS8AI score0.00693EPSS
Exploits0References26
AlmaLinux
AlmaLinux
•added 2023/09/04 12:0 a.m.•49 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fixes: Mozilla: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Mozilla: Memory corruption in IPC ColorPickerShownCallback CVE-2023-4574 Mozilla: Memory corruption...

8.8CVSS8AI score0.00693EPSS
Exploits0References26
AlmaLinux
AlmaLinux
•added 2023/09/04 12:0 a.m.•55 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fixes: Mozilla: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Mozilla: Memory corruption in IPC ColorPickerShownCallback CVE-2023-4574 Mozilla: Memory corruption...

8.8CVSS8.5AI score0.00693EPSS
Exploits0References26
AlmaLinux
AlmaLinux
•added 2023/09/04 12:0 a.m.•46 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fixes: Mozilla: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Mozilla: Memory corruption in IPC...

8.8CVSS8.6AI score0.00693EPSS
Exploits0References26
AlmaLinux
AlmaLinux
•added 2023/08/29 12:0 a.m.•27 views

Important: cups security update

The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: Information leak through Cups-Get-Document operation CVE-2023-32360 For more details about the security issues, including the impact, a CVSS score,...

5.5CVSS6.9AI score0.00347EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/29 12:0 a.m.•42 views

Important: cups security update

The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: Information leak through Cups-Get-Document operation CVE-2023-32360 For more details about the security issues, including the impact, a CVSS score,...

5.5CVSS6.9AI score0.00347EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/22 12:0 a.m.•43 views

Important: subscription-manager security update

The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the AlmaLinux entitlement platform. Security Fixes: subscription-manager: inadequate authorization of com.AlmaLinux.RHSM1 D-Bus interface allows local users to modify...

7.8CVSS6.7AI score0.00253EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/22 12:0 a.m.•32 views

Important: subscription-manager security update

The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the AlmaLinux entitlement platform. Security Fixes: subscription-manager: inadequate authorization of com.AlmaLinux.RHSM1 D-Bus interface allows local users to modify...

7.8CVSS6.7AI score0.00253EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/14 12:0 a.m.•58 views

Important: .NET 7.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10...

7.8CVSS7.4AI score0.15519EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/08/14 12:0 a.m.•36 views

Important: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21...

7.8CVSS7.4AI score0.15519EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/08/14 12:0 a.m.•30 views

Important: rust security update

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fixes: rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497 For more details about the security issues, including t...

7.9CVSS6.9AI score0.00763EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/14 12:0 a.m.•30 views

Important: rust-toolset:rhel8 security update

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fixes: rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497 For more details about the security issues, including t...

7.9CVSS6.9AI score0.00763EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/14 12:0 a.m.•31 views

Important: .NET 7.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10...

7.8CVSS6.8AI score0.15519EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/08/14 12:0 a.m.•141 views

Important: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21...

7.8CVSS6.8AI score0.15519EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•77 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: use-after-free in l2capconnect and l2capleconnectreq in net/bluetooth/l2capcore.c CVE-2022-42896 kernel: tcindex: use-after-free...

8.8CVSS7.4AI score0.02014EPSS
Exploits2References14
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•48 views

Moderate: postgresql:10 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

7.2CVSS6.9AI score0.0119EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•57 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: GSS delegation too eager connection re-use CVE-2023-27536 curl: IDN wildcard match may lead to Improper Cerificate...

5.9CVSS6.9AI score0.0181EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•44 views

Moderate: libcap security update

Libcap is a library for getting and setting POSIX.1e formerly POSIX 6 draft 15 capabilities. Security Fixes: libcap: Integer Overflow in libcapstrdup CVE-2023-2603 libcap: Memory Leak on pthreadcreate Error CVE-2023-2602 For more details about the security issues, including the impact, a CVSS...

7.8CVSS7AI score0.00574EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•63 views

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: NULL dereference in xmlSchemaFixupComplexType CVE-2023-28484 libxml2: Hashing of empty dict strings isn't deterministic CVE-2023-29469 For more details about the security...

6.5CVSS7AI score0.01086EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•124 views

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in l2capconnect and l2capleconnectreq in net/bluetooth/l2capcore.c CVE-2022-42896 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows...

8.8CVSS7.3AI score0.02014EPSS
Exploits2References14
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•38 views

Moderate: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 postgresql: Client memory disclosure...

7.2CVSS6.9AI score0.0119EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•25 views

Important: iperf3 security update

Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss. Security Fixes: iperf3: memory allocation hazard and crash CVE-2023-38403 For more details about the security issues, including t...

7.5CVSS7AI score0.01703EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•71 views

Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 18.16.1. BZ2223630, BZ2223631, BZ2223632, BZ2223633, BZ2223635, BZ2223642 Security Fixes: nodejs...

7.5CVSS7.6AI score0.03906EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•33 views

Important: iperf3 security update

Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss. Security Fixes: iperf3: memory allocation hazard and crash CVE-2023-38403 For more details about the security issues, including t...

7.5CVSS7AI score0.01703EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•32 views

Moderate: dbus security update

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fixes: dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered...

6.5CVSS7AI score0.01417EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•44 views

Moderate: python-requests security update

The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fixes: python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

6.1CVSS7AI score0.02782EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•61 views

Moderate: nodejs:16 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 16.20.1. BZ2223678, BZ2223680, BZ2223682, BZ2223684, BZ2223686, BZ2223688 Security Fixes: nodejs...

7.5CVSS7.6AI score0.03906EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2023/08/08 12:0 a.m.•42 views

Moderate: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

7.2CVSS7AI score0.0119EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/08/07 12:0 a.m.•28 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Security Fixes: Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used during WASM compilation CVE-2023-4046 Mozilla:...

9.8CVSS8.4AI score0.13694EPSS
Exploits1References22
AlmaLinux
AlmaLinux
•added 2023/08/07 12:0 a.m.•89 views

Moderate: dbus security update

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fixes: dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered...

6.5CVSS7AI score0.01417EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/08/07 12:0 a.m.•31 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Security Fixes: Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used during WASM compilation CVE-2023-4046 Mozilla:...

9.8CVSS8.4AI score0.13694EPSS
Exploits1References22
AlmaLinux
AlmaLinux
•added 2023/08/03 12:0 a.m.•35 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.14.0 ESR. Security Fixes: Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used...

9.8CVSS8.4AI score0.13694EPSS
Exploits1References20
AlmaLinux
AlmaLinux
•added 2023/08/03 12:0 a.m.•29 views

Important: firefox security update

TODO: add package description This update upgrades Firefox to version 102.14.0 ESR. Security Fixes: Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used during WASM compilation CVE-2023-4046 Mozilla: Potential permissions request bypa...

9.8CVSS8.3AI score0.13694EPSS
Exploits1References20
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•88 views

Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Remote code execution in ssh-agent PKCS11 support CVE-2023-38408 For more details...

9.8CVSS7.7AI score0.76768EPSS
Exploits10References4
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•34 views

Moderate: libeconf security update

Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it. Security Fixes: libeconf: stack-based buffer overflow in readfile in...

6.5CVSS7.4AI score0.00636EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•86 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipvlan: out-of-bounds write caused by unclear skb-cb CVE-2023-3090 kernel: clsflower: out-of-bounds write in flsetgeneveopt CVE-2023-35788 kernel: KVM: x86/mmu: race condition in...

7.8CVSS6.7AI score0.01377EPSS
Exploits6References12
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•29 views

Important: mod_auth_openidc:2.3 security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag...

8.6CVSS7.7AI score0.006EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•256 views

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: NULL dereference in xmlSchemaFixupComplexType CVE-2023-28484 libxml2: Hashing of empty dict strings isn't deterministic CVE-2023-29469 For more details about the security...

6.5CVSS7AI score0.01086EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•16 views

Important: cjose security update

CJose is C library implementing the Javascript Object Signing and Encryption JOSE. Security Fixes: cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE CVE-2023-37464 For more details about the security issues, including the impact, a CVSS score,...

8.6CVSS7.6AI score0.006EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•41 views

Moderate: python-requests security update

The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fixes: python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

6.1CVSS7AI score0.02782EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•204 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: IDN wildcard match may lead to Improper Cerificate Validation CVE-2023-28321 curl: more POST-after-PUT confusion...

5.9CVSS7AI score0.02211EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•227 views

Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Remote code execution in ssh-agent PKCS11 support CVE-2023-38408 For more details...

9.8CVSS7.7AI score0.76768EPSS
Exploits10References4
AlmaLinux
AlmaLinux
•added 2023/08/01 12:0 a.m.•46 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: ipvlan: out-of-bounds write caused by unclear skb-cb CVE-2023-3090 kernel: clsflower: out-of-bounds write in flsetgeneveopt...

7.8CVSS6.8AI score0.01377EPSS
Exploits6References12
AlmaLinux
AlmaLinux
•added 2023/07/31 12:0 a.m.•34 views

Moderate: samba security and bug fix update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: SMB2 packet signing is not enforced when "server...

5.9CVSS6.9AI score0.0039EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/07/31 12:0 a.m.•41 views

Moderate: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective searchpath changes CVE-2023-2454 postgresql: row security policies disregard user ID changes after inlining. CVE-2023-2455 For more details about the security...

7.2CVSS6.9AI score0.0119EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/07/31 12:0 a.m.•58 views

Moderate: nodejs security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 16.20.1. BZ2223334, BZ2223336, BZ2223338, BZ2223340, BZ2223342, BZ2223344 Security Fixes: nodejs...

7.5CVSS7.6AI score0.03906EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2023/07/31 12:0 a.m.•73 views

Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 18. BZ2223314, BZ2223316, BZ2223318, BZ2223319, BZ2223320, BZ2223354 Security Fixes: nodejs:...

7.5CVSS7.6AI score0.03906EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2023/07/31 12:0 a.m.•39 views

Moderate: samba security and bug fix update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: SMB2 packet signing is not enforced when "server...

5.9CVSS6.9AI score0.0039EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/07/20 12:0 a.m.•65 views

Moderate: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: ZIP file parsing infinite loop 8302483 CVE-2023-22036 OpenJDK: weakness in AES implementation 8308682 CVE-2023-22041 OpenJDK: improper handling o...

7.5CVSS7.1AI score0.01812EPSS
Exploits0References16
Total number of security vulnerabilities5355