Lucene search
K
AlmalinuxRecent

5323 matches found

AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•42 views

Important: libXpm security update

X.Org X11 libXpm runtime library. Security Fixes: libXpm: compression commands depend on $PATH CVE-2022-4883 libXpm: Runaway loop on width of 0 and enormous height CVE-2022-44617 libXpm: Infinite loop on unclosed comments CVE-2022-46285 For more details about the security issues, including the...

8.8CVSS8.4AI score0.01273EPSS
Exploits2References8
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•44 views

Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

7.5CVSS8.1AI score0.19193EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•71 views

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: integer overflows with XMLPARSEHUGE CVE-2022-40303 libxml2: dict corruption caused by entity reference cycles CVE-2022-40304 For more details about the security issues,...

7.8CVSS8.2AI score0.22791EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•70 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: watch queue race condition can lead to privilege escalation CVE-2022-2959 kernel: memory corruption in AX88179178A based USB...

7.8CVSS8.2AI score0.21314EPSS
Exploits1References14
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•79 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: POST following PUT confusion CVE-2022-32221 For more details about the security issues, including the impact, a CVSS...

9.8CVSS9.2AI score0.04325EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•57 views

Important: sudo security update

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fixes: sudo: arbitrary file write with privileges of...

7.8CVSS8.2AI score0.55367EPSS
Exploits20References4
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•37 views

Important: libXpm security update

X.Org X11 libXpm runtime library. Security Fixes: libXpm: compression commands depend on $PATH CVE-2022-4883 libXpm: Runaway loop on width of 0 and enormous height CVE-2022-44617 libXpm: Infinite loop on unclosed comments CVE-2022-46285 For more details about the security issues, including the...

8.8CVSS8.4AI score0.01273EPSS
Exploits2References8
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•29 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Security Fixes: Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux...

8.8CVSS8.4AI score0.00892EPSS
Exploits0References18
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•39 views

Moderate: bash security update

The bash packages provide Bash Bourne-again shell, which is the default shell for AlmaLinux. Security Fixes: bash: a heap-buffer-overflow in validparametertransform CVE-2022-3715 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.8CVSS7.8AI score0.00356EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•45 views

Moderate: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: handshake DoS attack against DTLS connections JSSE, 8287411 CVE-2023-21835 OpenJDK: soundbank URL remote loading Sound, 8293742 CVE-2023-21843 Fo...

5.3CVSS6.2AI score0.01836EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•30 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Security Fixes: Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux...

8.8CVSS8.4AI score0.00892EPSS
Exploits0References18
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•70 views

Important: sudo security update

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fixes: sudo: arbitrary file write with privileges of...

7.8CVSS8.2AI score0.55367EPSS
Exploits20References4
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•55 views

Moderate: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputi...

7.5CVSS8AI score0.01544EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•33 views

Moderate: dbus security update

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fixes: dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets...

6.5CVSS7.1AI score0.0131EPSS
Exploits3References8
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•39 views

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: LibTiff: DoS from Divide By Zero Error CVE-2022-2056, CVE-2022-2057, CVE-2022-2058 libtiff: Double free or corruption in rotateImage function at tiffcrop.c CVE-2022-2519...

6.5CVSS7.1AI score0.01255EPSS
Exploits7References14
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•37 views

Moderate: expat security update

Expat is a C library for parsing XML documents. Security Fixes: expat: use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate CVE-2022-43680 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS8AI score0.02241EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•23 views

Moderate: libtasn1 security update

A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding functions. Security Fixes: libtasn1: Out-of-bound access in ETYPEOK CVE-2021-46848...

9.1CVSS9.2AI score0.02062EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•26 views

Moderate: usbguard security update

The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature. Security Fixes:...

7.8CVSS7.2AI score0.00378EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•56 views

Moderate: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: postgresql: SQL Injection in ResultSet.refreshRow with malicious column names CVE-2022-31197 For mo...

8CVSS8.5AI score0.01662EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•89 views

Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.18.1, nodejs-nodemon 2.0.20. Security Fixes: minimist: prototype pollution...

9.8CVSS8.7AI score0.14024EPSS
Exploits2References10
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•50 views

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: watch queue race condition can lead to privilege escalation CVE-2022-2959 kernel: memory corruption in AX88179178A based USB ethernet device. CVE-2022-2964 kernel: i915: Incorrect GPU TLB...

7.8CVSS8.2AI score0.21314EPSS
Exploits1References14
AlmaLinux
AlmaLinux
•added 2023/01/23 12:0 a.m.•28 views

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8CVSS8AI score0.04354EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2023/01/18 12:0 a.m.•42 views

Moderate: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: handshake DoS attack against DTLS connections JSSE, 8287411 CVE-2023-21835 OpenJDK: soundbank URL remote loading Sound, 8293742 CVE-2023-21843 Fo...

5.3CVSS6.2AI score0.01836EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/01/18 12:0 a.m.•28 views

Moderate: java-11-openjdk security and bug fix update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: handshake DoS attack against DTLS connections JSSE, 8287411 CVE-2023-21835 OpenJDK: soundbank URL remote loading Sound, 8293742 CVE-2023-21843 Fo...

5.3CVSS6.2AI score0.01836EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/01/18 12:0 a.m.•30 views

Moderate: java-11-openjdk security and bug fix update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: handshake DoS attack against DTLS connections JSSE, 8287411 CVE-2023-21835 OpenJDK: soundbank URL remote loading Sound, 8293742 CVE-2023-21843 Fo...

5.3CVSS6.2AI score0.01836EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/01/16 12:0 a.m.•66 views

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: integer overflows with XMLPARSEHUGE CVE-2022-40303 libxml2: dict corruption caused by entity reference cycles CVE-2022-40304 For more details about the security issues,...

7.8CVSS8.2AI score0.22791EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2023/01/16 12:0 a.m.•34 views

Important: dpdk security update

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs CVE-2022-2132 For more details about the security...

8.6CVSS8.6AI score0.01772EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/01/12 12:0 a.m.•32 views

Moderate: virt:rhel and virt-devel:rhel security and bug fix update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

6.5CVSS6.9AI score0.00281EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/01/12 12:0 a.m.•31 views

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8CVSS8AI score0.04354EPSS
Exploits0References10
AlmaLinux
AlmaLinux
•added 2023/01/12 12:0 a.m.•31 views

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: LibTiff: DoS from Divide By Zero Error CVE-2022-2056, CVE-2022-2057, CVE-2022-2058 libtiff: Double free or corruption in rotateImage function at tiffcrop.c CVE-2022-2519...

6.5CVSS7.2AI score0.01255EPSS
Exploits7References20
AlmaLinux
AlmaLinux
•added 2023/01/12 12:0 a.m.•50 views

Moderate: systemd security and bug fix update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

5.5CVSS6.3AI score0.00412EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/01/12 12:0 a.m.•39 views

Moderate: dbus security update

D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fixes: dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets...

6.5CVSS7.2AI score0.0131EPSS
Exploits3References8
AlmaLinux
AlmaLinux
•added 2023/01/12 12:0 a.m.•123 views

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: memory corruption in AX88179178A based USB ethernet device. CVE-2022-2964 kernel: i915: Incorrect GPU TLB flush can lead to random memory access CVE-2022-4139 For more details about the...

7.8CVSS8.2AI score0.00294EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/01/12 12:0 a.m.•32 views

Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

7.5CVSS8.1AI score0.19193EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2023/01/12 12:0 a.m.•37 views

Moderate: expat security update

Expat is a C library for parsing XML documents. Security Fixes: expat: use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate CVE-2022-43680 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS8AI score0.02241EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/01/12 12:0 a.m.•28 views

Moderate: libtasn1 security update

A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding functions. Security Fixes: libtasn1: Out-of-bound access in ETYPEOK CVE-2021-46848...

9.1CVSS2.5AI score0.02062EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/01/12 12:0 a.m.•20 views

Moderate: usbguard security update

The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature. Security Fixes:...

7.8CVSS7.2AI score0.00378EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2023/01/12 12:0 a.m.•47 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: memory corruption in AX88179178A based USB ethernet device. CVE-2022-2964 kernel: i915: Incorrect GPU TLB flush can lead to random...

7.8CVSS8.1AI score0.00294EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/01/12 12:0 a.m.•35 views

Moderate: postgresql:10 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

8CVSS7.9AI score0.0152EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/01/11 12:0 a.m.•40 views

Moderate: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.113 and .NET Runtime 6.0.13. The...

7.5CVSS7.6AI score0.0274EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/01/11 12:0 a.m.•41 views

Moderate: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.113 and .NET Runtime 6.0.13. The...

7.5CVSS7.8AI score0.0274EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/01/09 12:0 a.m.•53 views

Moderate: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: Buffer...

8.6CVSS8.2AI score0.00872EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2023/01/09 12:0 a.m.•120 views

Moderate: nodejs:14 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.21.1, nodejs-nodemon 2.0.20. Security Fixes: minimist: prototype pollution...

9.8CVSS8.4AI score0.14663EPSS
Exploits4References12
AlmaLinux
AlmaLinux
•added 2023/01/04 12:0 a.m.•76 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution CVE-2022-42856 For more details about the security issues, including the impact, a CVSS score,...

8.8CVSS9AI score0.08523EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/01/04 12:0 a.m.•78 views

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution CVE-2022-42856 For more details about the security issues, including the impact, a CVSS score,...

8.8CVSS9AI score0.08523EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2023/01/02 12:0 a.m.•51 views

Important: bcel security update

The Byte Code Engineering Library Apache Commons BCEL is intended to give users a convenient way to analyze, create, and manipulate binary Java class files those ending with .class. Security Fixes: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing CVE-2022-42920 For more...

9.8CVSS9.3AI score0.02836EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/12/15 12:0 a.m.•25 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Security Fixes: Mozilla: Arbitrary file read from a compromised content process CVE-2022-46872 Mozilla: Memory safety bugs fixed in...

9.8CVSS9.9AI score0.00921EPSS
Exploits0References14
AlmaLinux
AlmaLinux
•added 2022/12/15 12:0 a.m.•30 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Security Fixes: Mozilla: Arbitrary file read from a compromised content process CVE-2022-46872 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6...

9.8CVSS9.8AI score0.00921EPSS
Exploits0References16
AlmaLinux
AlmaLinux
•added 2022/12/15 12:0 a.m.•45 views

Important: prometheus-jmx-exporter security update

Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 For more details about the security issues, including the impact, a...

9.8CVSS1.7AI score0.99615EPSS
Exploits7References4
AlmaLinux
AlmaLinux
•added 2022/12/15 12:0 a.m.•56 views

Moderate: nodejs:16 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages were updated to later upstream versions: nodejs 16.18.1, nodejs-nodemon 2.0.20. Security Fixes: nodejs: Improper handling of URI Subject...

9.8CVSS7.9AI score0.21514EPSS
Exploits3References16
Total number of security vulnerabilities5323