Lucene search
K
AlmalinuxRecent

5323 matches found

AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•32 views

Moderate: autotrace security update

AutoTrace is a program for converting bitmaps to vector graphics. Security Fixes: autotrace: heap-buffer overflow via the ReadImage at input-bmp.c CVE-2022-32323 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer t...

7.3CVSS7.2AI score0.00759EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•35 views

Moderate: device-mapper-multipath security and bug fix update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack CVE-2022-41973 For more details about the securi...

7.8CVSS7.5AI score0.00658EPSS
Exploits4References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•58 views

Important: pcs security and bug fix update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: webpack: Regression of CVE-2023-28154 fixes in the AlmaLinux CVE-2023-2319 rubygem-rack: Denial of service in Multipart MIME parsing CVE-2023-27530 rubygem-rack: denial of...

9.8CVSS8.7AI score0.0183EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•46 views

Moderate: golang-github-cpuguy83-md2man security, bug fix, and enhancement update

go-md2man converts markdown into roff man pages. Security Fixes: golang: regexp/syntax: limit memory used by parsing regexps CVE-2022-41715 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed...

7.5CVSS7.8AI score0.01339EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•30 views

Moderate: fence-agents security and bug fix update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: python-oauthlib: DoS when attacker provides malicious IPV6 URI...

6.5CVSS6.9AI score0.01258EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•25 views

Moderate: python-mako security update

Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Security Fixes: python-mako: REDoS in Lexer class CVE-2022-40023 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS7.4AI score0.01656EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•26 views

Moderate: tigervnc security and bug fix update

Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...

8.8CVSS8.5AI score0.02685EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•56 views

Moderate: podman security and bug fix update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests...

5.3CVSS7.9AI score0.05623EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•28 views

Moderate: gstreamer1-plugins-good security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fixes: gstreamer-plugins-good: Potential heap overwrite in...

7.8CVSS7.9AI score0.00465EPSS
Exploits7References16
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•37 views

Moderate: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: NRDelegation attack leads to uncontrolled resource consumption Non-Responsive Delegation Attack CVE-2022-3204 For more details about the security issues, including the impact, a CVSS...

7.5CVSS7.6AI score0.01259EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•63 views

Moderate: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file...

5.5CVSS6.1AI score0.0048EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•40 views

Moderate: wireshark security and bug fix update

The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fixes: wireshark: f5ethtrailer Infinite loop in legacy style dissector CVE-2022-3190 For more details about the security issues, including the impact, a CVSS...

6.3CVSS6.1AI score0.01754EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•55 views

Moderate: net-snmp security and bug fix update

The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol SNMP, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command...

6.5CVSS6.7AI score0.5346EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•115 views

Low: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Incorrect handling of control code characters in cookies CVE-2022-35252 curl: Use-after-free triggered by an HTTP pro...

5.9CVSS7AI score0.02511EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•35 views

Moderate: krb5 security, bug fix, and enhancement update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

9CVSS7.9AI score0.13794EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•60 views

Moderate: qemu-kvm security, bug fix, and enhancement update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. The following packages have been upgraded to a later upstream version: qemu-kvm 7.2.0...

6.5CVSS7.2AI score0.0114EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•38 views

Low: samba security, bug fix, and enhancement update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version:...

5.5CVSS6.2AI score0.00409EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•76 views

Important: mysql security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.32. BZ2177731, BZ2177732 Security Fixes: mysql: Server: Security:...

7.5CVSS6.7AI score0.43131EPSS
Exploits0References76
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•69 views

Moderate: conmon security and bug fix update

Conmon is an OCI container runtime monitor. Security Fixes: golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to th...

5.3CVSS7AI score0.05623EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•64 views

Moderate: butane security, bug fix, and enhancement update

Butane translates human-readable Butane Configs into machine-readable Ignition configs for provisioning operating systems that use Ignition. The following packages have been upgraded to a later upstream version: butane 0.16.0. BZ2135475 Security Fixes: golang: net/http: handle server errors after...

7.5CVSS8.1AI score0.02513EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•21 views

Moderate: pki-core security, bug fix, and enhancement update

The Public Key Infrastructure PKI Core contains fundamental packages required by AlmaLinux Certificate System. Security Fixes: pki-core: When using the caServerKeygenDirUserCert profile, user can get certificates for other UIDs by entering name in Subject field CVE-2022-2393 For more details abou...

5.7CVSS5.7AI score0.00227EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•34 views

Moderate: xorg-x11-server security and bug fix update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: buffer overflow in GetCountedString in xkb/xkb.c CVE-2022-3550 xorg-x11-server:...

8.8CVSS8.5AI score0.02685EPSS
Exploits0References20
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•40 views

Moderate: skopeo security and bug fix update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 golang: crypto/tls: session...

5.3CVSS7.9AI score0.05623EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•65 views

Moderate: git-lfs security and bug fix update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang:...

7.5CVSS7.2AI score0.05623EPSS
Exploits4References22
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•35 views

Moderate: freeradius security and bug fix update

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service RADIUS server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on...

7.5CVSS7.2AI score0.01171EPSS
Exploits0References8
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•57 views

Moderate: grafana-pcp security and enhancement update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 For...

7.5CVSS7.9AI score0.02513EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•62 views

Moderate: grafana security and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: net/http: handle server errors after sending GOAWAY...

7.5CVSS6.9AI score0.02513EPSS
Exploits1References12
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•43 views

Moderate: Image Builder security, bug fix, and enhancement update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward...

7.5CVSS7.2AI score0.05623EPSS
Exploits1References12
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•56 views

Moderate: toolbox security and bug fix update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 golang:...

7.5CVSS7.2AI score0.05623EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•55 views

Moderate: buildah security and bug fix update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

5.3CVSS7.9AI score0.05623EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•68 views

Moderate: containernetworking-plugins security and bug fix update

The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

5.3CVSS7.8AI score0.05623EPSS
Exploits1References6
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•80 views

Moderate: fwupd security and bug fix update

The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in /etc/fwupd/redfish.conf CVE-2022-3287 shim: 3rd party shim allow secure boot bypass CVE-2022-34301 shim: 3rd party shim allow secure boot bypass...

6.7CVSS7AI score0.01037EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•35 views

Moderate: sysstat security and bug fix update

The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk, network, and other I/O activity. Security Fixes: sysstat: arithmetic overflow in allocatestructures on 32 bit systems CVE-2022-39377 For more details about the security issues, including the...

7.8CVSS7.9AI score0.01096EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•32 views

Moderate: xorg-x11-server-Xwayland security update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: buffer overflow in GetCountedString in xkb/xkb.c CVE-2022-3550 xorg-x11-server: XkbGetKbdByName use-after-free CVE-2022-4283 xorg-x11-server: XTestSwapFakeInput stack overflow CVE-2022-46340...

8.8CVSS8.6AI score0.02685EPSS
Exploits0References20
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•53 views

Low: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

9.8CVSS8.9AI score0.01936EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•23 views

Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network VPN...

6.5CVSS6.6AI score0.01606EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•56 views

Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: the functions orderhostkeyalgs and listhostkeytypes leads to double-free vulnerabili...

6.5CVSS6.9AI score0.89955EPSS
Exploits10References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•40 views

Moderate: jackson security update

Jackson is a suite of data-processing tools for Java, including the flagship streaming JSON parser / generator library, matching data-binding library, and additional modules to process data encoded in various other data formats. Security Fixes: jackson-databind: denial of service via a large dept...

7.5CVSS8.7AI score0.0486EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•53 views

Moderate: bind security and bug fix update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS7.9AI score0.5017EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•56 views

Moderate: git security and bug fix update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...

8.8CVSS7.4AI score0.02938EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•44 views

Moderate: emacs security and bug fix update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: ctags local command execution vulnerability CVE-2022-45939 For more details about the...

7.8CVSS7.6AI score0.00635EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•81 views

Low: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Using a Custom Cipher with NIDundef may lead to NULL encryption CVE-2022-3358 For more details...

7.5CVSS7.6AI score0.02846EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•33 views

Low: lua security update

The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fixes: lua: heap buffer overread CVE-2022-28805 For more details about the security issues,...

9.1CVSS8.7AI score0.02919EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•30 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: FTP too eager connection reuse CVE-2023-27535 For more details about the security issues, including the impact, a CVS...

5.9CVSS8.7AI score0.01607EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•35 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: WebKitGTK: Regression of CVE-2023-28205 fixes in the AlmaLinux CVE-2023-2203 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

8.8CVSS8.6AI score0.00934EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•57 views

Important: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: Regression of CVE-2023-28617 fixes in the AlmaLinux CVE-2023-2491 emacs: command execution...

9.8CVSS8.1AI score0.01639EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•67 views

Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.19.1, nodejs-nodemon 2.0.20. Security Fixes: c-ares: buffer overflow in...

8.6CVSS7.8AI score0.02023EPSS
Exploits3References14
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•44 views

Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.14.2. Security Fixes: glob-parent: Regular Expression Denial of Service...

8.6CVSS8AI score0.02209EPSS
Exploits5References18
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•122 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: use-after-free in l2capconnect and l2capleconnectreq in net/bluetooth/l2capcore.c CVE-2022-42896 net/ulp: use-after-free in listening ULP sockets CVE-2023-0461 cpu: AMD CPUs may transiently execu...

8.8CVSS8.5AI score0.03763EPSS
Exploits13References82
AlmaLinux
AlmaLinux
•added 2023/05/09 12:0 a.m.•24 views

Moderate: frr security, bug fix, and enhancement update

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. The following packages have been upgraded to a later upstream version: frr 8.3.1. BZ2129731 Security Fixes: frr: out-of-bounds read in the BGP...

9.1CVSS8.9AI score0.01578EPSS
Exploits1References4
Total number of security vulnerabilities5323