Lucene search
K
AlmalinuxRecent

5323 matches found

AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•42 views

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Incorrect server side include parsing can lead to XSS CVE-2016-3709 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

6.1CVSS1.2AI score0.00764EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•41 views

Moderate: dotnet7.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.100 RC 2 and .NET Runtime 7.0.0 R...

7.8CVSS7.7AI score0.01057EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•36 views

Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8CVSS7.9AI score0.07017EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•43 views

Moderate: python38:3.8 and python38-devel:3.8 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8CVSS7.9AI score0.07017EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•74 views

Moderate: webkit2gtk3 security and bug fix update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functio...

8.8CVSS9.2AI score0.03668EPSS
Exploits1References24
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•35 views

Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.9.1. BZ2130559, BZ2131750 Security Fixes: nodejs: weak randomness in WebCrypto...

9.1CVSS8.5AI score0.02587EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•185 views

Moderate: nodejs:14 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Improper handling of URI Subject Alternative Names CVE-2021-44531 nodejs: Certificate Verification Bypass via String Injection...

8.2CVSS8.5AI score0.21514EPSS
Exploits3References12
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•75 views

Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: modlua: Use of uninitialized value of in r:parsebody CVE-2022-22719 httpd: core: Possible buffer overflow with very...

9.8CVSS8.6AI score0.90407EPSS
Exploits2References22
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•30 views

Moderate: qt5 security, bug fix, and enhancement update

The Qt5 libraries packages provide Qt 5, version 5 of the Qt cross-platform application framework. The following packages have been upgraded to a later upstream version: qt5 5.15.3. BZ2061377 Security Fixes: qt: QProcess could execute a binary from the current working directory when not found in...

7.8CVSS7.9AI score0.00334EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•33 views

Moderate: fribidi security update

FriBidi is a library to handle bidirectional scripts for example Hebrew, Arabic, so that the display is done in the proper way, while the text data itself is always written in logical order. Security Fixes: fribidi: Stack based buffer overflow CVE-2022-25308 fribidi: Heap-buffer-overflow in...

7.8CVSS7.2AI score0.00508EPSS
Exploits3References8
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•22 views

Moderate: gdisk security update

The gdisk packages provide the gdisk partitioning utility for GUID Partition Table GPT disks. The utility features a command-line interface similar to fdisk, direct manipulation of partition table structures, recovery tools to deal with corrupt partition tables, and the ability to convert Master...

7.2CVSS0.7AI score0.00436EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•38 views

Important: qatzip bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

7.8CVSS6.8AI score0.00251EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•41 views

Low: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: podman: possible information disclosure and modification CVE-2022-2989 buildah: possible information disclosure and modification CVE-2022-2990 For more details about t...

7.1CVSS7AI score0.00331EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•23 views

Moderate: pcs security, bug fix, and enhancement update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: improper authentication via PAM CVE-2022-1049 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

8.8CVSS1.6AI score0.01825EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•46 views

Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: off-path attacker may inject data or terminate victim's TCP session CVE-2020-36516 Race condition in VTRESIZEX ioctl when vcconsi.d is...

8.6CVSS8.2AI score0.12746EPSS
Exploits30References52
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•35 views

Moderate: protobuf security update

The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data. Security Fixes: protobuf: Incorrect...

6.5CVSS2.5AI score0.0266EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•30 views

Low: wavpack security update

WavPack is a completely open audio compression format providing lossless, high-quality lossy and a unique hybrid compression mode. Security Fixes: wavpack: Heap out-of-bounds read in WavpackPackSamples CVE-2021-44269 For more details about the security issues, including the impact, a CVSS score,...

5.5CVSS1.5AI score0.01155EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•53 views

Important: mingw-expat security update

Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. The following packages have been upgraded to a later upstream version: mingw-expat 2.4.8. BZ2057023, BZ2057037, BZ2057127 Security Fixes: expat: Malformed 2- and 3-byte UTF-8...

9.8CVSS9.7AI score0.34174EPSS
Exploits1References14
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•30 views

Moderate: gstreamer1-plugins-good security update

GStreamer is a streaming media framework based on graphs of filters that operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fixes: gstreamer-plugins-good: Use-after-free in matroska...

7.8CVSS7.7AI score0.01219EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•44 views

Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Security Fixes: python: mailcap: findmatch function does not sanitize the second argument CVE-2015-20107. For more details abo...

8CVSS7.9AI score0.07017EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•53 views

Moderate: php:8.0 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.0.20. BZ2100876 Security Fixes: php: Use after free due to phpfilterfloat failing for ints CVE-2021-21708 php: Uninitialized array in...

9.8CVSS9.6AI score0.03437EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•58 views

Important: mingw-zlib security update

The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Security Fixes: zlib: A flaw found in zlib when compressing not decompressing certain inputs CVE-2018-25032 For more details about the security issues, including the impact, a CV...

7.5CVSS7.5AI score0.51733EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•29 views

Moderate: unbound security, bug fix, and enhancement update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. The following packages have been upgraded to a later upstream version: unbound 1.16.2. BZ2027735 Security Fixes: unbound: the novel ghost domain where malicious users to trigger continued resolvability of...

6.5CVSS7AI score0.00868EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•44 views

Moderate: container-tools:3.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 golang...

7.8CVSS8.2AI score0.05994EPSS
Exploits4References22
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•44 views

Moderate: grafana security, bug fix, and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana 7.5.15. BZ2055348 Security Fixes: sanitize-url: XSS due to improper sanitization in sanitizeUrl function...

8.8CVSS8.3AI score0.05994EPSS
Exploits5References32
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•32 views

Important: bind9.16 security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

6.8CVSS6.7AI score0.0325EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•72 views

Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: off-path attacker may inject data or terminate victim's TCP session CVE-2020-36516 race condition in VTRESIZEX ioctl when vcconsi.d is already NULL leading to NULL pointer dereference...

8.6CVSS7.9AI score0.12746EPSS
Exploits30References54
AlmaLinux
AlmaLinux
•added 2022/11/08 12:0 a.m.•28 views

Moderate: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

6.8CVSS7.2AI score0.0325EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/02 12:0 a.m.•24 views

Important: pki-core security update

The Public Key Infrastructure PKI Core contains fundamental packages required by AlmaLinux Certificate System. Security Fixes: pki-core: access to external entities when parsing XML can lead to XXE CVE-2022-2414 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS7.7AI score0.85323EPSS
Exploits3References4
AlmaLinux
AlmaLinux
•added 2022/11/02 12:0 a.m.•44 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: posix cpu timer use-after-free may lead to local privilege escalation CVE-2022-2585 Unprivileged users may use PTRACESEIZE to set...

7.8CVSS7.6AI score0.01284EPSS
Exploits4References6
AlmaLinux
AlmaLinux
•added 2022/11/02 12:0 a.m.•62 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: posix cpu timer use-after-free may lead to local privilege escalation CVE-2022-2585 Unprivileged users may use PTRACESEIZE to set PTRACEOSUSPENDSECCOMP option CVE-2022-30594 For more details abou...

7.8CVSS7.4AI score0.01284EPSS
Exploits4References6
AlmaLinux
AlmaLinux
•added 2022/11/02 12:0 a.m.•83 views

Moderate: zlib security update

The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Security Fixes: zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field CVE-2022-37434 For more details about the...

9.8CVSS9.9AI score0.1593EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/02 12:0 a.m.•43 views

Moderate: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS7.8AI score0.03213EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/11/02 12:0 a.m.•25 views

Moderate: lua security update

The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fixes: lua: heap buffer overflow in luaGerrormsg in ldebug.c due to uncontrolled recursion i...

7.5CVSS8.2AI score0.025EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/11/01 12:0 a.m.•58 views

Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full strength general purpose cryptography library. Security Fixes: OpenSSL: X.509 Email Address Buffer Overflow CVE-2022-3602 OpenSSL: X.509 Email Address Variable Length...

7.5CVSS7.8AI score0.92488EPSS
Exploits6References6
AlmaLinux
AlmaLinux
•added 2022/10/25 12:0 a.m.•31 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Security Fixes: Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators CVE-2022-39249 Mozilla: Matrix SDK bundled with...

8.8CVSS8.7AI score0.01001EPSS
Exploits0References18
AlmaLinux
AlmaLinux
•added 2022/10/25 12:0 a.m.•36 views

Moderate: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: Extension scripts replace objects not belonging to the extension. CVE-2022-2625 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

8CVSS7.9AI score0.0152EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/10/25 12:0 a.m.•32 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Security Fixes: Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators CVE-2022-39249 Mozilla: Matrix SDK bundled with...

8.8CVSS8.8AI score0.01001EPSS
Exploits0References18
AlmaLinux
AlmaLinux
•added 2022/10/25 12:0 a.m.•35 views

Moderate: 389-ds:1.4 security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: SIGSEGV in syncrepl CVE-2022-2850 For more details about the securi...

6.5CVSS6.7AI score0.01238EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/10/25 12:0 a.m.•43 views

Important: device-mapper-multipath security update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket CVE-2022-41974 For more...

7.8CVSS7.8AI score0.00606EPSS
Exploits4References4
AlmaLinux
AlmaLinux
•added 2022/10/25 12:0 a.m.•39 views

Moderate: sqlite security update

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

9.8CVSS8.9AI score0.01067EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/10/25 12:0 a.m.•112 views

Moderate: zlib security update

The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Security Fixes: zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field CVE-2022-37434 For more details about the...

9.8CVSS9.9AI score0.1593EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/10/25 12:0 a.m.•37 views

Moderate: samba security and bug fix update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: server memory information leak via SMB1...

4.3CVSS6.9AI score0.0099EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/10/25 12:0 a.m.•36 views

Important: device-mapper-multipath security update

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket CVE-2022-41974 For more...

7.8CVSS7.8AI score0.00606EPSS
Exploits4References4
AlmaLinux
AlmaLinux
•added 2022/10/25 12:0 a.m.•69 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A use-after-free in clsroute filter implementation may lead to privilege escalation CVE-2022-2588 Information leak in scsiioctl CVE-2022-0494 A kernel-info-leak issue in pfkeyregister CVE-2022-13...

7.8CVSS7.6AI score0.06214EPSS
Exploits7References15
AlmaLinux
AlmaLinux
•added 2022/10/25 12:0 a.m.•77 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: a use-after-free in clsroute filter implementation may lead to privilege escalation CVE-2022-2588 kernel: information leak in...

7.8CVSS7.4AI score0.06214EPSS
Exploits7References15
AlmaLinux
AlmaLinux
•added 2022/10/25 12:0 a.m.•39 views

Moderate: git-lfs security and bug fix update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension...

7.5CVSS7.7AI score0.02607EPSS
Exploits5References20
AlmaLinux
AlmaLinux
•added 2022/10/25 12:0 a.m.•27 views

Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Double free during gnutlspkcs7verify. CVE-2022-2509 For more details about the security issues, including the...

7.5CVSS7.8AI score0.01492EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/10/25 12:0 a.m.•43 views

Moderate: mysql:8.0 security, bug fix, and enhancement update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.30. Security Fixes: mysql: Server: DML multiple unspecified...

7.1CVSS7.2AI score0.03384EPSS
Exploits0References226
AlmaLinux
AlmaLinux
•added 2022/10/24 12:0 a.m.•28 views

Important: libksba security update

KSBA pronounced Kasbah is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Security Fixes: libksba: integer overflow may lead to remote code execution CVE-2022-3515 For more details about th...

9.8CVSS10AI score0.01635EPSS
Exploits1References4
Total number of security vulnerabilities5323