5323 matches found
Moderate: nodejs:16 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages were updated to later upstream versions: nodejs 16.18.1, nodejs-nodemon 2.0.20. Security Fixes: nodejs: Improper handling of URI Subject...
Important: prometheus-jmx-exporter security update
Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 For more details about the security issues, including the impact, a...
Moderate: nodejs:18 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.12.1. BZ2142809, BZ2142830, BZ2142834, BZ2142856 Security Fixes: nodejs-minimatch...
Moderate: nodejs:18 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.12.1, nodejs-nodemon 2.0.20. BZ2142818 Security Fixes: nodejs-minimatch: ReDoS vi...
Important: krb5 security update
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...
Important: krb5 security update
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...
Important: varnish security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: varnish: Request Forgery Vulnerability CVE-2022-45060 For more details about th...
Important: varnish:6 security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: varnish: Request Forgery Vulnerability CVE-2022-45060 For more details about th...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Security Fixes: Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Security Fixes: Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen notification bypass CVE-2022-45404 Mozilla:...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Security Fixes: Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen notification bypass CVE-2022-45404 Mozilla:...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Security Fixes: Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen...
Important: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: python39:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: webkit2gtk3 security and bug fix update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Use-after-free leading to arbitrary code execution CVE-2022-22624 webkitgtk: Use-after-free leading to arbitrary code execution CVE-2022-22628 webkitgtk: Buffer overflow leading to...
Moderate: rsync security and bug fix update
The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...
Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: Denial of Service via crafted TIFF file CVE-2022-0561 libtiff: Null source pointer lead to Denial of Service via crafted TIFF file CVE-2022-0562 libtiff: reachable...
Moderate: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: off-path attacker may inject data or terminate victim's TCP session CVE-2020-36516 use-after-free vulnerability in function scosocksendmsg CVE-2021-3640 smb2ioctlqueryinfo NULL pointer dereferenc...
Important: dpdk security and bug fix update
The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs CVE-2022-2132 DPDK: out-of-bounds read/write in...
Low: Image Builder security, bug fix, and enhancement update
Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...
Moderate: podman security and bug fix update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension...
Moderate: ignition security, bug fix, and enhancement update
Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files regular files, systemd units, etc., and configuring users. On first boot, Ignition reads its configuration from a source of truth remote URL, network...
Moderate: php security, bug fix, and enhancement update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.0.20. BZ2095752 Security Fixes: php: Use after free due to phpfilterfloat failing for ints CVE-2021-21708 php: Uninitialized array in...
Moderate: skopeo security and bug fix update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: containers/storage: DoS via malicious image CVE-2021-20291 golang: math/big.Rat: may cause a panic or an unrecoverable fatal erro...
Moderate: samba security, bug fix, and enhancement update
Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version:...
Low: speex security update
Speex is a patent-free compression format designed especially for speech. It is specialized for voice communications at low bit-rates. Security Fixes: speex: divide by zero in readsamples via crafted WAV file CVE-2020-23903 For more details about the security issues, including the impact, a CVSS...
Moderate: fribidi security update
FriBidi is a library to handle bidirectional scripts for example Hebrew, Arabic, so that the display is done in the proper way, while the text data itself is always written in logical order. Security Fixes: fribidi: Stack based buffer overflow CVE-2022-25308 fribidi: Heap-buffer-overflow in...
Moderate: flac security update
FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files...
Low: redis security and bug fix update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
Moderate: keylime security update
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: exception handling and impedance match in tornadorequests CVE-2022-3500 For more details about the security issues, including the impact, a CVSS score,...
Low: podman security, bug fix, and enhancement update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: possible information disclosure and modification CVE-2022-2989 buildah: possible...
Moderate: gimp security and enhancement update
The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: buffer...
Moderate: qt5 security and bug fix update
The Qt5 libraries packages provide Qt 5, version 5 of the Qt cross-platform application framework. Security Fixes: qt: QProcess could execute a binary from the current working directory when not found in the PATH CVE-2022-25255 For more details about the security issues, including the impact, a...
Moderate: yajl security update
Yet Another JSON Library YAJL is a small event-driven SAX-style JSON parser written in ANSI C, and a small validating JSON generator. Security Fixes: yajl: heap-based buffer overflow when handling large inputs due to an integer overflow CVE-2022-24795 For more details about the security issues,...
Moderate: httpd security, bug fix, and enhancement update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.53. BZ2079939 Security Fixes: httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: modlua: Use of...
Moderate: python3.9 security, bug fix, and enhancement update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...
Moderate: protobuf security update
The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data. Security Fixes: protobuf: Incorrect...
Low: wavpack security update
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Security Fixes: wavpack: Heap out-of-bounds read in WavpackPackSamples CVE-2021-44269 For more details about the security issues, including the impact, a CVSS score,...
Moderate: poppler security and bug fix update
Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: A logic error in the Hints::Hints function can cause denial of service CVE-2022-27337 For more details about the security issues, including the impact, a CVSS score,...
Moderate: dovecot security and enhancement update
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...
Low: openjpeg2 security update
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fixes: openjpeg: segmentation fault in opj2decompress due to uninitialized pointer CVE-2022-1122 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
Low: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: bad local IPv6 connection reuse CVE-2022-27775 For more details about the security issues, including the impact, a CV...
Moderate: e2fsprogs security update
The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems. Security Fixes: e2fsprogs: out-of-bounds read/write via crafted filesystem CVE-2022-1304 For more details about the security issues, including the impact, ...
Moderate: harfbuzz security update
HarfBuzz is an implementation of the OpenType Layout engine. Security Fixes: harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc CVE-2022-33068 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
Moderate: freetype security update
FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently. Security Fixes: FreeType: Buffer overflow in sfntinitface CVE-2022-27404 FreeType: Segmentation violation via FNTSizeRequest CVE-2022-27405...
Low: libguestfs security, bug fix, and enhancement update
The libguestfs packages contain a library used for accessing and modifying virtual machine disk images. Security Fixes: libguestfs: Buffer overflow in getkeys leads to DoS CVE-2022-2211 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Important: device-mapper-multipath security update
The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: Regression of CVE-2022-41974 fix in AlmaLinux CVE-2022-3787 For more details about the security issues, including the impact,...
Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: off-path attacker may inject data or terminate victim's TCP session CVE-2020-36516 use-after-free vulnerability in function scosocksendmsg...
Low: mingw-gcc security and bug fix update
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes: gcc: uncontrolled recursion in libiberty/rust-demangle.c CVE-2021-46195 For more details about the security issues, including the impact, a CVSS score,...
Moderate: libldb security, bug fix, and enhancement update
The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. The following packages have been upgraded to a later upstream version: libldb 2.5.2. BZ2077490 Security Fixes: samba: AD users can induce a use-after-free ...