Lucene search
K
AlmalinuxRecent

5323 matches found

AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•28 views

Low: virt-v2v security, bug fix, and enhancement update

The virt-v2v package provides a tool for converting virtual machines to use the KVM Kernel-based Virtual Machine hypervisor or AlmaLinux Enterprise Virtualization. The tool modifies both the virtual machine image and its associated libvirt metadata. Also, virt-v2v can configure a guest to use...

6.5CVSS6.7AI score0.00774EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•31 views

Moderate: libtirpc security update

The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call TI-RPC documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fixes: libtirpc: DoS vulnerability with lots of connections CVE-2021-46828 For...

7.5CVSS7.6AI score0.02088EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•24 views

Low: guestfs-tools security, bug fix, and enhancement update

guestfs-tools is a set of tools that can be used to make batch configuration changes to guests, get disk used/free statistics, perform backups and guest clones, change registry/UUID/hostname info, build guests from scratch, and much more. Security Fixes: libguestfs: Buffer overflow in getkeys lea...

6.5CVSS6.6AI score0.00774EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•37 views

Moderate: toolbox security and bug fix update

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang...

7.5CVSS7.6AI score0.01618EPSS
Exploits1References10
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•75 views

Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: lxml: NULL Pointer Dereference in lxml CVE-2022-2309 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

7.5CVSS7.6AI score0.02462EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•25 views

Moderate: xorg-x11-server-Xwayland security update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access CVE-2022-2319 xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension CVE-2022-2320 For more details about...

7.8CVSS7.8AI score0.00573EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•23 views

Low: swtpm security and bug fix update

SWTPM is a TPM emulator built on libtpms providing TPM functionality for QEMU VMs. Security Fixes: swtpm: Unchecked header size indicator against expected size CVE-2022-23645 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

6.2CVSS5.5AI score0.00404EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•21 views

Moderate: pcs security, bug fix, and enhancement update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: improper authentication via PAM CVE-2022-1049 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

8.8CVSS8.8AI score0.01825EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•40 views

Important: mingw-zlib security update

The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Security Fixes: zlib: A flaw found in zlib when compressing not decompressing certain inputs CVE-2018-25032 For more details about the security issues, including the impact, a CV...

7.5CVSS7.5AI score0.51733EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•39 views

Important: qatzip bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

7.8CVSS6.8AI score0.00251EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•24 views

Moderate: logrotate security update

The logrotate utility simplifies the administration of multiple log files by allowing their automatic rotation, compression, removal, and mailing. Security Fixes: logrotate: potential DoS from unprivileged users via the state file CVE-2022-1348 For more details about the security issues, includin...

6.5CVSS6.5AI score0.0149EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•33 views

Low: mingw-glib2 security and bug fix update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: gfilereplace with...

5.3CVSS6.8AI score0.02622EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•33 views

Low: libvirt security, bug fix, and enhancement update

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a later upstream version:...

4.3CVSS5.3AI score0.01024EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•32 views

Moderate: frr security, bug fix, and enhancement update

FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. The following packages have been upgraded to a later upstream version: frr 8.2.2. BZ2069563 Security Fixes: frrouting: overflow bugs in...

7.8CVSS7.8AI score0.01007EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•29 views

Moderate: dnsmasq security and bug fix update

The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: Heap use after free in dhcp6norelay CVE-2022-0934 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS7.9AI score0.01487EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•26 views

Moderate: mutt security update

Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fixes: mutt: buffer overflow in uudecoder function CVE-2022-1328 For more details about the...

5.3CVSS6.2AI score0.01711EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•33 views

Moderate: dotnet7.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.100 RC 2 and .NET Runtime 7.0.0 R...

7.8CVSS7.7AI score0.01057EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•62 views

Moderate: qemu-kvm security, bug fix, and enhancement update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. The following packages have been upgraded to a later upstream version: qemu-kvm 7.0.0...

8.2CVSS7.9AI score0.0053EPSS
Exploits4References10
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•60 views

Moderate: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header...

7.5CVSS7.6AI score0.01618EPSS
Exploits2References14
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•92 views

Moderate: buildah security and bug fix update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5CVSS8AI score0.03931EPSS
Exploits6References16
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•37 views

Moderate: xorg-x11-server security and bug fix update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access CVE-2022-2319 xorg-x11-server:...

7.8CVSS7.7AI score0.00573EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•54 views

Low: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: runc: incorrect handling of inheritable capabilities CVE-2022-29162 For more details about the security issues, including the impact, a CVSS score,...

7.8CVSS7.6AI score0.00386EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•40 views

Moderate: 389-ds-base security, bug fix, and enhancement update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. The following packages have been upgraded to a later upstream version: 389-ds-base 2.1.3...

7.5CVSS7.2AI score0.05914EPSS
Exploits4References8
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•36 views

Moderate: unbound security, bug fix, and enhancement update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. The following packages have been upgraded to a later upstream version: unbound 1.16.2. BZ2087120 Security Fixes: unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of...

6.5CVSS7AI score0.00868EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•45 views

Important: grafana security, bug fix, and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana 7.5.15. BZ2055349 Security Fixes: sanitize-url: XSS due to improper sanitization in sanitizeUrl function...

8.8CVSS8.3AI score0.05994EPSS
Exploits5References32
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•38 views

Moderate: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

6.8CVSS6.7AI score0.0325EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/11/15 12:0 a.m.•44 views

Moderate: dhcp security and enhancement update

The Dynamic Host Configuration Protocol DHCP is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to...

6.8CVSS7.2AI score0.0325EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/14 12:0 a.m.•47 views

Important: device-mapper-multipath security update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: Regression of CVE-2022-41974 fix in AlmaLinux CVE-2022-3787 For more details about the security issues, including the impact,...

7.8CVSS7.8AI score0.00606EPSS
Exploits4References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•29 views

Moderate: mutt security update

Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fixes: mutt: buffer overflow in uudecoder function CVE-2022-1328 For more details about the...

5.3CVSS0.7AI score0.01711EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•50 views

Low: Image Builder security, bug fix, and enhancement update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...

7.5CVSS7.8AI score0.0198EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•26 views

Moderate: flatpak-builder security and bug fix update

Flatpak-builder is a tool for building flatpaks from sources. Security Fixes: flatpak: flatpak-builder --mirror-screenshots-url can access files outside the build directory CVE-2022-21682 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

7.7CVSS6.8AI score0.01666EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•43 views

Moderate: dnsmasq security and bug fix update

The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: Heap use after free in dhcp6norelay CVE-2022-0934 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS0.1AI score0.01487EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•63 views

Moderate: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header...

7.5CVSS7.6AI score0.01618EPSS
Exploits2References14
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•25 views

Moderate: e2fsprogs security and bug fix update

The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems. Security Fixes: e2fsprogs: out-of-bounds read/write via crafted filesystem CVE-2022-1304 For more details about the security issues, including the impact, ...

7.8CVSS1.2AI score0.01382EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•32 views

Moderate: libldb security, bug fix, and enhancement update

The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. The following packages have been upgraded to a later upstream version: libldb 2.5.2. BZ2077484 Security Fixes: samba: AD users can induce a use-after-free ...

5.4CVSS6.9AI score0.01064EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•49 views

Moderate: xmlrpc-c security update

XML-RPC is a remote procedure call RPC protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC remote procedure call over the Internet. It converts an RPC into an XML document,...

9.8CVSS9.3AI score0.04829EPSS
Exploits1References16
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•93 views

Moderate: rsync security and enhancement update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

9.8CVSS9.7AI score0.1593EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•41 views

Moderate: freetype security update

FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently. Security Fixes: FreeType: Buffer overflow in sfntinitface CVE-2022-27404 FreeType: Segmentation violation via FNTSizeRequest CVE-2022-27405...

9.8CVSS9AI score0.03243EPSS
Exploits2References8
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•27 views

Moderate: dovecot security update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: dovecot...

8.8CVSS9.1AI score0.01748EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•25 views

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.5CVSS7.6AI score0.00965EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•20 views

Important: pki-core:10.6 and pki-deps:10.6 security and bug fix update

The Public Key Infrastructure PKI Core contains fundamental packages required by AlmaLinux Certificate System. Security Fixes: pki-core: access to external entities when parsing XML can lead to XXE CVE-2022-2414 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS7.6AI score0.85323EPSS
Exploits3References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•122 views

Low: redis:6 security, bug fix, and enhancement update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

7.8CVSS7.5AI score0.02189EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•62 views

Moderate: php:7.4 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.4.30, php-pear 1.10.13. BZ2055422 Security Fixes: php: Special character breaks path in xml parsing CVE-2021-21707 php: Use after free...

9.8CVSS8.6AI score0.73377EPSS
Exploits2References8
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•36 views

Low: openjpeg2 security update

OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fixes: openjpeg: segmentation fault in opj2decompress due to uninitialized pointer CVE-2022-1122 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

5.5CVSS1.5AI score0.01078EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•31 views

Moderate: xorg-x11-server and xorg-x11-server-Xwayland security and bug fix update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: X.Org Server ProcXkbSetGeometry...

7.8CVSS7.8AI score0.00573EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•40 views

Moderate: container-tools:4.0 security and bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 golang: crash in a golang.org/x/crypto/ssh server CVE-2022-27191 runc: incorrect handlin...

7.8CVSS9AI score0.03931EPSS
Exploits1References8
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•38 views

Moderate: yajl security update

Yet Another JSON Library YAJL is a small event-driven SAX-style JSON parser written in ANSI C and a small validating JSON generator. Security Fixes: yajl: heap-based buffer overflow when handling large inputs due to an integer overflow CVE-2022-24795 For more details about the security issues,...

7.5CVSS8AI score0.03472EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•38 views

Moderate: poppler security and bug fix update

Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: A logic error in the Hints::Hints function can cause denial of service CVE-2022-27337 For more details about the security issues, including the impact, a CVSS score,...

6.5CVSS6.6AI score0.01547EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•27 views

Moderate: openblas security update

OpenBLAS is an optimized BLAS library based on GotoBLAS2 1.13 BSD version. Security Fixes: lapack: Out-of-bounds read in larrv CVE-2021-4048 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages liste...

9.1CVSS1.3AI score0.0262EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•33 views

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: Denial of Service via crafted TIFF file CVE-2022-0561 libtiff: Null source pointer lead to Denial of Service via crafted TIFF file CVE-2022-0562 libtiff: reachable...

7.7CVSS7.4AI score0.01542EPSS
Exploits9References20
Total number of security vulnerabilities5323