5323 matches found
Important: libksba security update
KSBA pronounced Kasbah is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Security Fixes: libksba: integer overflow may lead to remote code execution CVE-2022-3515 For more details about th...
Moderate: java-17-openjdk security and bug fix update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: improper MultiByte conversion can lead to buffer overflow JGSS, 8286077 CVE-2022-21618 OpenJDK: excessive memory allocation in X.509 certificate...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Security Fixes: Mozilla: Same-origin policy violation could have leaked cross-origin URLs CVE-2022-42927 Mozilla: Memory Corruption ...
Moderate: java-1.8.0-openjdk security update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: excessive memory allocation in X.509 certificate parsing Security, 8286533 CVE-2022-21626 OpenJDK: HttpServer no connection count limit...
Moderate: java-11-openjdk security and bug fix update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: improper MultiByte conversion can lead to buffer overflow JGSS, 8286077 CVE-2022-21618 OpenJDK: excessive memory allocation in X.509 certificate...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Security Fixes: Mozilla: Same-origin policy violation could have leaked cross-origin URLs CVE-2022-42927 Mozilla: Memory Corruption ...
Moderate: java-11-openjdk security and bug fix update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: improper MultiByte conversion can lead to buffer overflow JGSS, 8286077 CVE-2022-21618 OpenJDK: excessive memory allocation in X.509 certificate...
Moderate: java-17-openjdk security and bug fix update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: improper MultiByte conversion can lead to buffer overflow JGSS, 8286077 CVE-2022-21618 OpenJDK: excessive memory allocation in X.509 certificate...
Moderate: java-1.8.0-openjdk security update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: excessive memory allocation in X.509 certificate parsing Security, 8286533 CVE-2022-21626 OpenJDK: HttpServer no connection count limit...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Security Fixes: expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 For more details about the security...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Security Fixes: expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 For more details about the security issues, including the impact, a CVSS score,...
Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.17.1. Security Fixes: nodejs: weak randomness in WebCrypto keygen CVE-2022-35255...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Security Fixes: expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 For more details about the security issues, including the impact, a CVSS score,...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Security Fixes: expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 For more details about the security...
Important: nodejs:16 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16. Security Fixes: nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodej...
Moderate: .NET 6.0 security and bugfix update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.110 and .NET Runtime 6.0.10...
Moderate: .NET 6.0 security and bugfix update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.110 and .NET Runtime 6.0.10...
Moderate: .NET Core 3.1 security and bugfix update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.424 and .NET Runtime 3.1.30...
Important: expat security update
Expat is a C library for parsing XML documents. Security Fixes: expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...
Moderate: gnutls and nettle security, bug fix, and enhancement update
The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages...
Important: squid security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: buffer-over-read in SSPI and SMB authentication CVE-2022-41318 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...
Important: expat security update
Expat is a C library for parsing XML documents. Security Fixes: expat: a use-after-free in the doContent function in xmlparse.c CVE-2022-40674 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...
Moderate: prometheus-jmx-exporter security update
Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-25857 For more details about the security issues,...
Important: squid:4 security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: buffer-over-read in SSPI and SMB authentication CVE-2022-41318 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...
Important: bind9.16 security update
The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...
Important: bind security update
The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...
Important: bind security update
The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Security Fixes: Mozilla: Bypassing FeaturePolicy restrictions on transient pages CVE-2022-40959 Mozilla: Data-race when parsing...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Security Fixes: Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag CVE-2022-3033 Mozilla: Bypassing FeaturePolicy...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Security Fixes: Mozilla: Bypassing FeaturePolicy restrictions on transient pages CVE-2022-40959 Mozilla: Data-race when parsing...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Security Fixes: Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag CVE-2022-3033 Mozilla: Bypassing FeaturePolicy...
Moderate: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. The following packages have been upgraded to a later upstream version: webkit2gtk3 2.36.7. Security Fixes: webkitgtk: processing maliciously crafted web content may lead to arbitrary code execution CVE-2022-328...
Moderate: ruby security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0.4. BZ2109428 Security Fixes: Ruby: Double free in Regexp compilati...
Moderate: booth security update
The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network...
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: heap overflow in nftseteleminit CVE-2022-34918 kernel: vulnerability of buffer overflow in nftsetdescconcatparse CVE-2022-2078 For more details about the security issues, including the...
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: heap overflow in nftseteleminit CVE-2022-34918 kernel: vulnerability of buffer overflow in nftsetdescconcatparse CVE-2022-2078 For...
Moderate: dbus-broker security update
dbus-broker is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for Linux systems, and makes use of many modern features...
Moderate: gnupg2 security update
The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fixes: gpg: Signature spoofing via status line injection CVE-2022-34903 For more details about the security issues, including the impact, a CVSS...
Moderate: nodejs and nodejs-nodemon security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.16.0, nodejs-nodemon 2.0.19. BZ2124230, BZ2124233 Security Fixes: nodejs-ini:...
Moderate: mysql security, bug fix, and enhancement update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.30. BZ2122589 Security Fixes: mysql: Server: Optimizer multiple...
Moderate: .NET 6.0 security and bugfix update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.109 and .NET Runtime 6.0.9...
Moderate: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. The following packages have been upgraded to a later upstream version: webkit2gtk3 2.36.7. Security Fixes: webkitgtk: processing maliciously crafted web content may lead to arbitrary code execution CVE-2022-328...
Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949...
Moderate: .NET 6.0 security and bugfix update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.109 and Runtime 6.0.9...
Moderate: .NET Core 3.1 security and bugfix update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.423 and .NET Runtime 3.1.29...
Moderate: mariadb:10.3 security and bug fix update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb 10.3.35, galera 25.3.35. Security Fixes: mariadb: MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint...
Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: Incomplete cleanup of multi-core shared buffers aka SBDR CVE-2022-21123 Incomplete cleanup of microarchitectural fill buffers aka SBDS...
Moderate: python3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: ruby:3.0 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0.4. BZ2109431 Security Fixes: ruby: Regular expression denial of...
Moderate: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: Incomplete cleanup of multi-core shared buffers aka SBDR CVE-2022-21123 Incomplete cleanup of microarchitectural fill buffers aka SBDS CVE-2022-21125 Incomplete cleanup in specific special regist...