Lucene search
K
AlmalinuxRecent

5323 matches found

AlmaLinux
AlmaLinux
•added 2022/07/07 12:0 a.m.•28 views

Important: squid security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: DoS when processing gopher server responses CVE-2021-46784 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

6.5CVSS6.9AI score0.0362EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/07/07 12:0 a.m.•35 views

Important: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: DoS when processing gopher server responses CVE-2021-46784 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

6.5CVSS0.1AI score0.0362EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/07/01 12:0 a.m.•34 views

Moderate: qemu-kvm security and bug fix update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: QEMU: virtio-net: map leaking on error during receive CVE-2022-26353 QEMU:...

7.5CVSS6.6AI score0.02701EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/07/01 12:0 a.m.•91 views

Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Use of Out-of-range Pointer Offset in vim CVE-2022-0554 vim: Heap-based Buffer Overflow occurs in vim CVE-2022-0943 vim: Out-of-range Pointer Offset CVE-2022-1420 vim: heap buffer overflow CVE-2022-1621 vim:...

8.4CVSS8.1AI score0.02303EPSS
Exploits6References14
AlmaLinux
AlmaLinux
•added 2022/07/01 12:0 a.m.•25 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.11. Security Fixes: Mozilla: CSP sandbox header without allow-scripts can be bypassed via retargeted javascript: URI CVE-2022-34468 Mozilla: Use-after-free in nsSHistory CVE-2022-34470...

9.8CVSS9.5AI score0.23941EPSS
Exploits1References20
AlmaLinux
AlmaLinux
•added 2022/07/01 12:0 a.m.•39 views

Moderate: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

6.5CVSS6.5AI score0.01877EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/07/01 12:0 a.m.•78 views

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak CVE-2022-1012 kernel: race condition in perfeventopen leads to privilege escalation...

8.2CVSS8.1AI score0.05524EPSS
Exploits7References10
AlmaLinux
AlmaLinux
•added 2022/07/01 12:0 a.m.•32 views

Moderate: expat security update

Expat is a C library for parsing XML documents. Security Fixes: expat: stack exhaustion in doctype parsing CVE-2022-25313 expat: integer overflow in copyString CVE-2022-25314 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS8.8AI score0.04654EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/06/30 12:0 a.m.•64 views

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: buffer overflow in IPsec ESP transformation code CVE-2022-27666 kernel: out-of-bounds read in fbcongetfont function CVE-2020-28915 For more details about the security issues, including th...

7.8CVSS7.7AI score0.05524EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/06/30 12:0 a.m.•22 views

Moderate: libinput security update

libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. Security Fixes: libinput: format string vulnerability may lead to privilege escalation CVE-2022-1215 For more details about the security issues, including the...

7.8CVSS8AI score0.00364EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/06/30 12:0 a.m.•41 views

Moderate: libgcrypt security update

The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fixes: libgcrypt: ElGamal implementation allows plaintext recovery CVE-2021-40528 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

5.9CVSS2.1AI score0.01423EPSS
Exploits1References4
AlmaLinux
AlmaLinux
•added 2022/06/30 12:0 a.m.•36 views

Moderate: expat security update

Expat is a C library for parsing XML documents. Security Fixes: expat: stack exhaustion in doctype parsing CVE-2022-25313 expat: integer overflow in copyString CVE-2022-25314 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS8.8AI score0.04654EPSS
Exploits0References6
AlmaLinux
AlmaLinux
•added 2022/06/30 12:0 a.m.•59 views

Low: compat-openssl10 security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. compat-openssl10 provides the legacy 1.0 version of OpenSSL for use with older binaries. Security Fixes: compat-openssl10:...

7.5CVSS2.9AI score0.70561EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2022/06/30 12:0 a.m.•59 views

Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 curl: credential leak on redirect CVE-2022-27774 curl:...

8.1CVSS7.5AI score0.03425EPSS
Exploits4References10
AlmaLinux
AlmaLinux
•added 2022/06/30 12:0 a.m.•37 views

ALSA-2022:5468: php:8.0 security update (Important)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

8.8CVSS9.1AI score0.5838EPSS
Exploits2References4
AlmaLinux
AlmaLinux
•added 2022/06/30 12:0 a.m.•97 views

Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: heap buffer overflow CVE-2022-1621 vim: buffer over-read CVE-2022-1629 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

7.8CVSS3AI score0.02303EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/06/28 12:0 a.m.•45 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak CVE-2022-1012 kernel: race...

8.2CVSS8AI score0.05524EPSS
Exploits7References10
AlmaLinux
AlmaLinux
•added 2022/06/28 12:0 a.m.•38 views

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: buffer overflow in IPsec ESP transformation code CVE-2022-27666 kernel: out-of-bounds read in fbcongetfont function CVE-2020-28915...

7.8CVSS7.8AI score0.05524EPSS
Exploits2References6
AlmaLinux
AlmaLinux
•added 2022/06/16 12:0 a.m.•38 views

Important: grub2, mokutil, shim, and shim-unsigned-x64 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a...

8.1CVSS6.8AI score0.01284EPSS
Exploits0References18
AlmaLinux
AlmaLinux
•added 2022/06/16 12:0 a.m.•38 views

Important: grub2, mokutil, shim, and shim-unsigned-x64 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a...

8.1CVSS6.9AI score0.01284EPSS
Exploits0References18
AlmaLinux
AlmaLinux
•added 2022/06/13 12:0 a.m.•33 views

Important: xz security update

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm LZMA, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fixes: gzip:...

8.8CVSS0.7AI score0.04271EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/06/08 12:0 a.m.•29 views

Important: xz security update

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm LZMA, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fixes: gzip:...

8.8CVSS8.9AI score0.04271EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/05/31 7:56 a.m.•40 views

Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream version: postgresql 12.11. Security Fixes: postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox CVE-2022-1552 For more...

8.8CVSS3.1AI score0.12403EPSS
Exploits0References2
AlmaLinux
AlmaLinux
•added 2022/05/30 11:39 a.m.•36 views

Important: postgresql:10 security update

PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream version: postgresql 10.21. Security Fixes: postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox CVE-2022-1552 For more...

8.8CVSS3.1AI score0.12403EPSS
Exploits0References2
AlmaLinux
AlmaLinux
•added 2022/05/30 11:39 a.m.•88 views

Important: maven:3.6 security update

The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Security Fixes: maven-shared-utils: Command injection via Commandline class CVE-2022-29599 For more details about the security issues, including the impact, a CVSS score, acknowledgments...

9.8CVSS9.4AI score0.04031EPSS
Exploits0References2
AlmaLinux
AlmaLinux
•added 2022/05/30 11:39 a.m.•64 views

Important: maven:3.5 security update

The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Security Fixes: maven-shared-utils: Command injection via Commandline class CVE-2022-29599 For more details about the security issues, including the impact, a CVSS score, acknowledgments...

9.8CVSS9.4AI score0.04031EPSS
Exploits0References2
AlmaLinux
AlmaLinux
•added 2022/05/30 7:24 a.m.•37 views

Important: rsyslog security update

The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Security Fixes: rsyslog: Heap-based overflow in TCP syslog server CVE-2022-24903 For...

8.1CVSS8.4AI score0.03821EPSS
Exploits0References2
AlmaLinux
AlmaLinux
•added 2022/05/30 7:22 a.m.•38 views

Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: npm: npm ci succeeds when package-lock.json doesn't match package.json CVE-2021-43616 For more details about the security issues, including the...

9.8CVSS1.2AI score0.02534EPSS
Exploits1References2
AlmaLinux
AlmaLinux
•added 2022/05/27 6:28 p.m.•31 views

Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR. Security Fixes: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution CVE-2022-1529 Mozilla:...

8.8CVSS1.4AI score0.26709EPSS
Exploits0References3
AlmaLinux
AlmaLinux
•added 2022/05/27 6:24 p.m.•40 views

Critical: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1. Security Fixes: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution CVE-2022-1529 Mozilla: Prototype pollution in Top-Level Await implementati...

8.8CVSS1.5AI score0.26709EPSS
Exploits0References3
AlmaLinux
AlmaLinux
•added 2022/05/25 7:43 a.m.•16 views

sos bug fix and enhancement update

The sos package contains a set of utilities that gather information from system hardware, logs, and configuration files. The information can then be used for diagnostic purposes and debugging. Bug Fixes and Enhancements: sos collect fails to get node list from a pacemaker cluster BZ2071695 Tracke...

7AI score
Exploits0References1
AlmaLinux
AlmaLinux
•added 2022/05/23 12:10 p.m.•14 views

cloud-init bug fix update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fix: Previously, cloud-init incorrectly handled SSH keys containing \r\n...

1AI score
Exploits0References1
AlmaLinux
AlmaLinux
•added 2022/05/18 1:52 p.m.•35 views

Important: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: path traversal possible outside of publicdir when serving static files CVE-2022-29970 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS7.7AI score0.02059EPSS
Exploits0References2
AlmaLinux
AlmaLinux
•added 2022/05/18 12:0 a.m.•38 views

Important: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: path traversal possible outside of publicdir when serving static files CVE-2022-29970 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS7.7AI score0.02059EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/05/12 1:15 p.m.•31 views

Important: subversion:1.10 security update

Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fixes: subversion: Subversion's moddavsvn is vulnerable to memory corruption...

7.5CVSS7.1AI score0.09254EPSS
Exploits0References2
AlmaLinux
AlmaLinux
•added 2022/05/11 1:24 p.m.•42 views

Important: .NET Core 3.1 security, bug fix, and enhancement update

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.419 and .NET Core...

7.5CVSS7.5AI score0.05041EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/05/11 1:23 p.m.•45 views

Important: rsync security update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

7.5CVSS1.5AI score0.51733EPSS
Exploits1References2
AlmaLinux
AlmaLinux
•added 2022/05/11 1:22 p.m.•69 views

Important: .NET 5.0 security, bug fix, and enhancement update

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core...

7.5CVSS7.5AI score0.05041EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/05/11 1:20 p.m.•68 views

Important: .NET 6.0 security, bug fix, and enhancement update

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core...

7.5CVSS7.5AI score0.05041EPSS
Exploits0References4
AlmaLinux
AlmaLinux
•added 2022/05/10 3:0 p.m.•36 views

sssd bug fix and enhancement update

The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch NSS and the Pluggable Authentication Modules PAM interfaces toward the system, and a pluggable back-end system ...

6.9AI score
Exploits0References1
AlmaLinux
AlmaLinux
•added 2022/05/10 2:59 p.m.•34 views

java-1.8.0-openjdk bug fix and enhancement update

This erratum reinstates changes made to java-1.8.0-openjdk in AlmaLinux 8.6 GA. The original builds for AlmaLinux 8.6 GA will have been superseded by newer binaries released as part of the April 2022 security update for AlmaLinux 8.5. For detailed information on changes in this release, see the...

6.9AI score
Exploits0References1
AlmaLinux
AlmaLinux
•added 2022/05/10 2:59 p.m.•24 views

java-11-openjdk bug fix and enhancement update

This erratum reinstates changes made to java-11-openjdk in AlmaLinux 8.6 GA. The original builds for AlmaLinux 8.6 GA will have been superseded by newer binaries released as part of the April 2022 security update for AlmaLinux 8.5. For detailed information on changes in this release, see the...

6.9AI score
Exploits0References1
AlmaLinux
AlmaLinux
•added 2022/05/10 2:59 p.m.•28 views

osbuild-composer bug fix and enhancement update

The osbuild-composer package is a service for building customized OS artifacts, such as virtual machine VM images and OSTree commits. Apart from building images for local usage, it can also upload images directly to cloud. The package is compatible with composer-cli and cockpit-composer clients...

6.9AI score
Exploits0References1
AlmaLinux
AlmaLinux
•added 2022/05/10 2:59 p.m.•19 views

java-17-openjdk bug fix and enhancement update

This erratum reinstates changes made to java-17-openjdk in AlmaLinux 8.6 GA. The original builds for AlmaLinux 8.6 GA will have been superseded by newer binaries released as part of the April 2022 security update for AlmaLinux 8.5. For detailed information on changes in this release, see the...

6.9AI score
Exploits0References1
AlmaLinux
AlmaLinux
•added 2022/05/10 2:59 p.m.•17 views

container-tools:4.0 bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fix: Udica crashes when processing inspect file without capabilities BZ2077474...

7.1AI score
Exploits0References1
AlmaLinux
AlmaLinux
•added 2022/05/10 2:59 p.m.•54 views

Important: container-tools:3.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: psgo: Privilege escalation in 'podman top' CVE-2022-1227 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

8.8CVSS2.6AI score0.04238EPSS
Exploits2References2
AlmaLinux
AlmaLinux
•added 2022/05/10 2:59 p.m.•24 views

.NET Core 3.1 bugfix update

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fixes and Enhancements: Update .NET Core 3.1 to SDK 3.1.418 and Runtime 3.1.24 almalinux-8.6.0.z BZ2074654...

6.8AI score
Exploits0References1
AlmaLinux
AlmaLinux
•added 2022/05/10 2:59 p.m.•18 views

container-tools:rhel8 bug fix update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fixes: Udica crashes when processing inspect file without capabilities BZ2077472...

7.1AI score
Exploits0References1
AlmaLinux
AlmaLinux
•added 2022/05/10 2:59 p.m.•19 views

tlog bug fix and enhancement update

Tlog is a terminal I/O recording program similar to "script", but used in place of a user's shell, starting the recording and executing the real user's shell afterwards. The recorded I/O can then be forwarded to a logging server in JSON format. Bug Fixes and Enhancements: tlog causing SSH to not...

7AI score
Exploits0References1
AlmaLinux
AlmaLinux
•added 2022/05/10 2:58 p.m.•23 views

rhel-system-roles bug fix and enhancement update

The rhel-system-roles package includes a collection of Ansible roles and modules that provide a stable and consistent configuration interface for managing multiple versions of AlmaLinux. Bug Fixes and Enhancements: Tlog role - Enabling session recording configuration does not work due to RHEL9 SS...

7AI score
Exploits0References1
Total number of security vulnerabilities5323