5323 matches found
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR. Security Fixes: Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 Mozilla: Memory safety bugs fixed in Firefo...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR. Security Fixes: Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 Mozilla: Memory safety bugs fixed in Firefo...
Important: nss security update
Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: Arbitrary memory write via PKCS 12 CVE-2023-0767 For more details about the security issues, including the impact, a CVSS...
Moderate: gnutls security and bug fix update
The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the TLS RSA key exchange code CVE-2023-0361 For more details about the security issues,...
Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP multi-header compression denial of service CVE-2023-23916 For more details about the security issues, including...
Important: pesign security update
The pesign packages provide the pesign utility for signing UEFI binaries as well as other associated tools. Security Fixes: pesign: Local privilege escalation on pesign systemd service CVE-2022-3560 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...
Moderate: libjpeg-turbo security update
The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fixes: libjpeg-turbo: heap...
Moderate: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: openssl security and bug fix update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: read buffer overflow in X.509 certificate verification CVE-2022-4203 openssl: timing attack in RS...
Moderate: tar security update
The GNU tar program can save multiple files in an archive and restore files from an archive. Security Fixes: tar: heap buffer overflow at fromheader in list.c via specially crafted checksum CVE-2022-48303 For more details about the security issues, including the impact, a CVSS score,...
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: use-after-free caused by l2capreassemblesdu in net/bluetooth/l2capcore.c CVE-2022-3564 kernel: stack overflow in doprocdointvec an...
Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: Reflected File Download attack CVE-2022-45442 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Moderate: httpd security and bug fix update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP response splitting...
Moderate: lua security update
The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fixes: lua: use after free allows Sandbox Escape CVE-2021-44964 lua: stack overflow in...
Moderate: vim security update
Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: no check if the return value of XChangeGC is NULL CVE-2022-47024 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the C...
Moderate: php security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.0.27. BZ2161667 Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cook...
Moderate: python-setuptools security update
The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages. Security Fixes: pypa-setuptools: Regular Expression Denial of Service ReDoS in packageindex.py CVE-2022-40897 For more details abo...
Moderate: systemd security update
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free caused by l2capreassemblesdu in net/bluetooth/l2capcore.c CVE-2022-3564 kernel: stack overflow in doprocdointvec and procskipspaces CVE-2022-4378 kernel: use-after-free in...
Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution CVE-2023-23529 For more details about the security issues, including the impact, a CVSS score,...
Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution CVE-2023-23529 For more details about the security issues, including the impact, a CVSS score,...
Important: samba security update
Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and...
Moderate: httpd:2.4 security and bug fix update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP response splitting...
Moderate: php:8.0 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.0. BZ2161666 Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie...
Moderate: tar security update
The GNU tar program can save multiple files in an archive and restore files from an archive. Security Fixes: tar: heap buffer overflow at fromheader in list.c via specially crafted checksum CVE-2022-48303 For more details about the security issues, including the impact, a CVSS score,...
Moderate: python-setuptools security update
The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages. Security Fixes: pypa-setuptools: Regular Expression Denial of Service ReDoS in packageindex.py CVE-2022-40897 For more details abo...
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: mm/mremap.c use-after-free vulnerability CVE-2022-41222 kernel: nfsd buffer overflow by RPC message over TCP with garbage data CVE-2022-43945 kernel: an out-of-bounds vulnerability in...
Moderate: systemd security and bug fix update
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...
Moderate: python3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: mm/mremap.c use-after-free vulnerability CVE-2022-41222 kernel: nfsd buffer overflow by RPC message over TCP with garbage data...
Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: Reflected File Download attack CVE-2022-45442 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Security Fixes: Mozilla: Arbitrary memory write via PKCS 12 in NSS CVE-2023-0767 Mozilla: Content security policy leak in violation...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Security Fixes: Mozilla: Arbitrary memory write via PKCS 12 in NSS CVE-2023-0767 Mozilla: Content security policy leak in violation reports using iframes CVE-2023-25728 Mozilla:...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Security Fixes: Mozilla: Arbitrary memory write via PKCS 12 in NSS CVE-2023-0767 Mozilla: Content security policy leak in violation reports using iframes CVE-2023-25728 Mozilla:...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Security Fixes: Mozilla: Arbitrary memory write via PKCS 12 in NSS CVE-2023-0767 Mozilla: Content security policy leak in violation...
Moderate: grub2 security update
The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: Buffer...
Important: tigervnc security update
Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...
Important: libksba security update
KSBA pronounced Kasbah is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Security Fixes: libksba: integer overflow to code executiona CVE-2022-47629 For more details about the security...
Important: libksba security update
KSBA pronounced Kasbah is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Security Fixes: libksba: integer overflow to code executiona CVE-2022-47629 For more details about the security...
Important: tigervnc security update
Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...
Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...
Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fixes: Mozilla: Revocation status of S/Mime signature certificates was not checked CVE-2023-0430 For more details about the security issues, including the impact, a CVSS...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fixes: Mozilla: Revocation status of S/Mime signature certificates was not checked CVE-2023-0430 For more details about the security issues, including the impact, a CVSS...
Moderate: java-1.8.0-openjdk security and bug fix update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: improper restrictions in CORBA deserialization Serialization, 8285021 CVE-2023-21830 OpenJDK: soundbank URL remote loading Sound, 8293742...
Moderate: java-1.8.0-openjdk security and bug fix update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: improper restrictions in CORBA deserialization Serialization, 8285021 CVE-2023-21830 OpenJDK: soundbank URL remote loading Sound, 8293742...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fixes: Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory safety bugs fixed ...
Moderate: go-toolset:rhel8 security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fixes: Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory safety bugs fixed ...
Moderate: systemd security update
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...