5323 matches found
Moderate: nodejs:14 security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encodi...
Moderate: python3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: ruby:3.0 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0.4. BZ2109431 Security Fixes: ruby: Regular expression denial of...
Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: Incomplete cleanup of multi-core shared buffers aka SBDR CVE-2022-21123 Incomplete cleanup of microarchitectural fill buffers aka SBDS...
Important: open-vm-tools security update
The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fixes: open-vm-tools: local root privilege escalation in the virtual...
Important: open-vm-tools security update
The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fixes: open-vm-tools: local root privilege escalation in the virtual...
Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: obtaining an authentication token for hacluster user could lead to privilege escalation CVE-2022-2735 For more details about the security issues, including the impact, a CVS...
Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: obtaining an authentication token for hacluster user could lead to privilege escalation CVE-2022-2735 For more details about the security issues, including the impact, a CVS...
Moderate: openssl security and bug fix update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: crehash script allows command injection CVE-2022-1292 openssl: Signer certificate verification...
Important: systemd security update
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.13.0 ESR. Security Fixes: Mozilla: Address bar spoofing via XSLT error handling CVE-2022-38472 Mozilla: Cross-origin XSLT Documents would have...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.13.0. Security Fixes: Mozilla: Address bar spoofing via XSLT error handling CVE-2022-38472 Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions CVE-2022-3847...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.13.0 ESR. Security Fixes: Mozilla: Address bar spoofing via XSLT error handling CVE-2022-38472 Mozilla: Cross-origin XSLT Documents would have...
Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP compression denial of service CVE-2022-32206 curl: FTP-KRB bad message verification CVE-2022-32208 For more...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.13.0. Security Fixes: Mozilla: Address bar spoofing via XSLT error handling CVE-2022-38472 Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions CVE-2022-3847...
Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP compression denial of service CVE-2022-32206 curl: Unpreserved file permissions CVE-2022-32207 curl: FTP-KRB bad...
Important: rsync security update
The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...
Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: uninitialized array in pgqueryparams leading to RCE CVE-2022-31625 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Moderate: .NET 6.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8...
Moderate: .NET Core 3.1 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28...
Moderate: .NET 6.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8...
Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: information leak in scsiioctl CVE-2022-0494 use-after-free in tcnewtfilter in net/sched/clsapi.c CVE-2022-1055 For more details about the...
Moderate: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera 26.4.11, mariadb 10.5.16, mysql-selinux 1.0.5. Security Fixes: mariadb: MariaDB through 10.5.9 allows attackers to trigge...
Moderate: vim security update
Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Out-of-bounds Write CVE-2022-1785 vim: out-of-bounds write in vimregsubboth in regexp.c CVE-2022-1897 vim: buffer over-read in utfptr2char in mbyte.c CVE-2022-1927 For more details about the security issues,...
Moderate: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: information leak in scsiioctl CVE-2022-0494 use-after-free in tcnewtfilter in net/sched/clsapi.c CVE-2022-1055 For more details about the security issues, including the impact, a CVSS score,...
Important: php security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak CVE-2022-1012 kernel: a use-after-free write in the netfilter subsystem can lead to...
Moderate: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: crehash script allows command injection CVE-2022-1292 openssl: the crehash script allows command...
Moderate: pcre2 security update
The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Security Fixes: pcre2: Out-of-bounds read in compilexclassmatchingpath in pcre2jitcompile.c CVE-2022-15...
Moderate: vim security update
Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Out-of-bounds Write CVE-2022-1785 vim: out-of-bounds write in vimregsubboth in regexp.c CVE-2022-1897 vim: buffer over-read in utfptr2char in mbyte.c CVE-2022-1927 For more details about the security issues,...
Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak CVE-2022-1012 kernel: a...
Moderate: 389-ds:1.4 security update
389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: sending crafted message could result in DoS CVE-2022-0918...
Moderate: mariadb:10.5 security, bug fix, and enhancement update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera 26.4.11, mariadb 10.5.16. Security Fixes: mariadb: MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint...
Important: go-toolset and golang security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: net/http: improper sanitization...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.12.0 ESR. Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 CVE-2022-2505 Mozilla: Directory indexes for bundled...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.12.0 ESR. Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 CVE-2022-2505 Mozilla: Directory indexes for bundled...
Moderate: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41817 ruby: Cookie prefix spoofing in...
Important: go-toolset:rhel8 security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stac...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.12.0. Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 CVE-2022-2505 Mozilla: Directory indexes for bundled resources reflected URL parameters CVE-2022-36318...
Important: java-17-openjdk security, bug fix, and enhancement update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-17-openjdk 17.0.4.0.8. BZ2084779 Security Fixes: OpenJDK: integer truncation issue in Xalan-J...
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: OAuth account takeover CVE-2022-31107 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: OAuth account takeover CVE-2022-31107 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Important: java-11-openjdk security, bug fix, and enhancement update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-11-openjdk 11.0.16.0.8. BZ2084777 Security Fixes: OpenJDK: integer truncation issue in Xalan-J...
Important: java-1.8.0-openjdk security, bug fix, and enhancement update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk 1.8.0.342.b07. BZ2084776 Security Fixes: OpenJDK: integer truncation issue in...
Important: java-1.8.0-openjdk security, bug fix, and enhancement update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk 1.8.0.342.b07. BZ2084648 Security Fixes: OpenJDK: integer truncation issue in...
Important: java-11-openjdk security, bug fix, and enhancement update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-11-openjdk 11.0.16.0.8. BZ2084649 Security Fixes: OpenJDK: integer truncation issue in Xalan-J...
Important: pandoc security update
Pandoc is a markdown/markup conversion tool. The version of pandoc in AlmaLinux 8 CRB uses cmark-gfm GitHub's extended version of the C reference implementation of CommonMark for parts of its conversion. The update, fixes CVE-2022-24724: an integer overflow in cmark-gfm's table row parsing which...
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: race condition in perfeventopen leads to privilege escalation CVE-2022-1729 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: race condition in perfeventopen leads to privilege escalation CVE-2022-1729 For more details about the security issues, including...