Lucene search
K
AlmalinuxRecent

5323 matches found

AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•23 views

Moderate: xorg-x11-server-Xwayland security update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: buffer overflow in GetCountedString in xkb/xkb.c CVE-2022-3550 xorg-x11-server: XkbGetKbdByName use-after-free CVE-2022-4283 xorg-x11-server: XTestSwapFakeInput stack overflow CVE-2022-46340...

8.8CVSS7.4AI score0.02685EPSS
Exploits0References20
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•41 views

Moderate: poppler security update

Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: integer overflow in JBIG2 decoder using malformed files CVE-2022-38784 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

7.8CVSS7AI score0.00574EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•25 views

Moderate: autotrace security update

AutoTrace is a program for converting bitmaps to vector graphics. Security Fixes: autotrace: heap-buffer overflow via the ReadImage at input-bmp.c CVE-2022-32323 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer t...

7.3CVSS7AI score0.00759EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•58 views

Moderate: unbound security and bug fix update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: NRDelegation attack leads to uncontrolled resource consumption Non-Responsive Delegation Attack CVE-2022-3204 For more details about the security issues, including the impact, a CVSS...

7.5CVSS6.7AI score0.01259EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•23 views

Moderate: frr security and bug fix update

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fixes: frr: out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service CVE-2022-37032 For more...

9.1CVSS6.7AI score0.01578EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•52 views

Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

7.5CVSS6.7AI score0.02453EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•77 views

Moderate: git security and bug fix update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...

8.8CVSS6.8AI score0.02938EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•73 views

Moderate: container-tools:4.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-1962 golang:...

7.5CVSS6.6AI score0.05623EPSS
Exploits5References30
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•38 views

Moderate: libtar security update

The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions. Security Fixes: libtar: out-of-bounds read in gnulonglink CVE-2021-33643 libtar: out-of-bounds read in gnulongname...

9.1CVSS6.6AI score0.01431EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•73 views

Moderate: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: crypto/tls: large handshake records may cause panics CVE-2022-41724 golang: net/http, mime/multipart: denial of service from excessive resource consumption...

7.5CVSS6.9AI score0.01231EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•28 views

Moderate: wayland security, bug fix, and enhancement update

Wayland is a protocol for a compositor to talk to its clients, as well as a C library implementation of that protocol. The compositor can be a standalone display server running on Linux kernel modesetting and evdev input devices, an X application, or a wayland client itself. The clients can be...

6.6CVSS7AI score0.00297EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•51 views

Moderate: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions CVE-2022-1962 golang:...

7.5CVSS6.8AI score0.05623EPSS
Exploits5References30
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•33 views

Moderate: python-mako security update

Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Security Fixes: mako: REDoS in Lexer class CVE-2022-40023 For more details about the security issues, including the impact, a CVSS score, acknowledgment...

7.5CVSS6.7AI score0.01656EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•41 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: WebKitGTK: Regression of CVE-2023-28205 fixes in the AlmaLinux CVE-2023-2203 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

8.8CVSS6.9AI score0.00934EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•42 views

Moderate: curl security and bug fix update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: FTP too eager connection reuse CVE-2023-27535 For more details about the security issues, including the impact, a CVS...

5.9CVSS7.1AI score0.01607EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•99 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a later upstream version: kernel 4.18.0. BZ2122230, BZ2122267 Security Fixes: use-after-free caused by l2capreassemblesdu in net/bluetooth/l2capcore.c CVE-2022-3564...

8.8CVSS8.1AI score0.03763EPSS
Exploits17References80
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•30 views

Moderate: tigervnc security and bug fix update

Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...

8.8CVSS7AI score0.02685EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•39 views

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: out-of-bounds write in TIFFmemcpy in libtiff/tifunix.c CVE-2022-3627 libtiff: integer overflow in function TIFFReadRGBATileExt of the file CVE-2022-3970 For more...

8.8CVSS7.1AI score0.01237EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•97 views

Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.4.33. Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could b...

9.8CVSS7.3AI score0.49336EPSS
Exploits6References12
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•29 views

Important: apr-util security update

The Apache Portable Runtime APR is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Security Fixes: apr-util:...

6.5CVSS7AI score0.01417EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•102 views

Low: curl security and bug fix update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Incorrect handling of control code characters in cookies CVE-2022-35252 curl: Use-after-free triggered by an HTTP pro...

5.9CVSS7.1AI score0.02511EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•90 views

Moderate: net-snmp security and bug fix update

The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol SNMP, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command...

6.5CVSS6.8AI score0.5346EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•58 views

Moderate: emacs security and bug fix update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: ctags local command execution vulnerability CVE-2022-45939 For more details about the...

7.8CVSS6.7AI score0.00635EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•43 views

Moderate: bind security and bug fix update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

5.3CVSS6.7AI score0.01495EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•49 views

Low: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

9.8CVSS6.5AI score0.01936EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•32 views

Important: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: Regression of CVE-2023-28617 fixes in the AlmaLinux CVE-2023-2491 For more details about t...

7.8CVSS6.8AI score0.00469EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•37 views

Moderate: dhcp security and bug fix update

The Dynamic Host Configuration Protocol DHCP is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to...

6.5CVSS7AI score0.00664EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•45 views

Moderate: python38:3.8 and python38-devel:3.8 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...

7.5CVSS6.7AI score0.03213EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•39 views

Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...

7.5CVSS6.7AI score0.03213EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•31 views

Moderate: ctags security update

Ctags is a C programming language indexing and cross-reference tool. Security Fixes: ctags: arbitrary command execution via a tag file with a crafted filename CVE-2022-4515 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.8CVSS7AI score0.00577EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•65 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: use-after-free caused by l2capreassemblesdu in net/bluetooth/l2capcore.c CVE-2022-3564 net/ulp: use-after-free in listening ULP sockets...

8.8CVSS8AI score0.03763EPSS
Exploits17References80
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•62 views

Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

7.8CVSS7.5AI score0.05552EPSS
Exploits1References16
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•53 views

Moderate: bind9.16 security and bug fix update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS6.7AI score0.5017EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•39 views

Important: mingw-expat security update

Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. Security Fixes: expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 For more details about the security issues, including the impact, a CVSS score,...

8.1CVSS6.8AI score0.01659EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•38 views

Moderate: xorg-x11-server security and bug fix update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: buffer overflow in GetCountedString in xkb/xkb.c CVE-2022-3550 xorg-x11-server:...

8.8CVSS7.3AI score0.02685EPSS
Exploits0References20
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•29 views

Moderate: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: clients using /parallel command line switch might read...

7.5CVSS7.4AI score0.00985EPSS
Exploits0References20
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•40 views

Moderate: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file...

5.5CVSS6.7AI score0.0048EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•34 views

Moderate: gcc-toolset-12-binutils security update

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fixes: binutils: NULL pointer...

5.5CVSS6.9AI score0.00437EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•73 views

Important: webkit2gtk3 security and bug fix update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: use-after-free issue leading to arbitrary code execution CVE-2022-42826 webkitgtk: memory corruption issue leading to arbitrary code execution CVE-2023-23517 webkitgtk: memory...

8.8CVSS8AI score0.34574EPSS
Exploits2References46
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•53 views

Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: net/http: handle server errors after sending GOAWAY...

7.5CVSS6.7AI score0.02513EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•34 views

Moderate: device-mapper-multipath security and bug fix update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack CVE-2022-41973 For more details about the securi...

7.8CVSS6.6AI score0.00658EPSS
Exploits4References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•33 views

Low: samba security, bug fix, and enhancement update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version:...

5.5CVSS6.8AI score0.00409EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•29 views

Moderate: libreswan security and bug fix update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network VPN...

6.5CVSS7.2AI score0.01606EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•46 views

Moderate: gssntlmssp security update

The gssntlmssp is a GSSAPI NTLM mechanism that allows to perform NTLM authentication in GSSAPI programs. Security Fixes: gssntlmssp: multiple out-of-bounds read when decoding NTLM fields CVE-2023-25563 gssntlmssp: memory corruption when decoding UTF16 strings CVE-2023-25564 gssntlmssp: incorrect...

8.2CVSS7.2AI score0.01942EPSS
Exploits0References12
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•57 views

Moderate: Image Builder security, bug fix, and enhancement update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward...

7.5CVSS6.7AI score0.05623EPSS
Exploits1References12
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•40 views

Moderate: freeradius:3.0 security update

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service RADIUS server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on...

7.5CVSS7.2AI score0.01171EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/05/16 12:0 a.m.•32 views

Important: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network VPN...

7.5CVSS7.1AI score0.01581EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•28 views

Moderate: libguestfs-winsupport security update

The libguestfs-winsupport package adds support for Windows guests to libguestfs, a set of tools and libraries allowing users to access and modify virtual machine VM disk images. Security Fixes: ntfs-3g: heap-based buffer overflow in ntfsck CVE-2021-46790 ntfs-3g: crafted NTFS image can cause heap...

7.8CVSS7.8AI score0.00504EPSS
Exploits1References12
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•80 views

Important: edk2 security, bug fix, and enhancement update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 edk2: integer underflow in SmmEntryPoint function...

9.8CVSS7.6AI score0.59501EPSS
Exploits0References12
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•35 views

Moderate: dhcp security and enhancement update

The Dynamic Host Configuration Protocol DHCP is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to...

6.5CVSS7AI score0.00664EPSS
Exploits0References6
Total number of security vulnerabilities5323