5323 matches found
Important: squid security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: DoS when processing gopher server responses CVE-2021-46784 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
Important: squid:4 security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: DoS when processing gopher server responses CVE-2021-46784 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
Moderate: qemu-kvm security and bug fix update
Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: QEMU: virtio-net: map leaking on error during receive CVE-2022-26353 QEMU:...
Moderate: vim security update
Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Use of Out-of-range Pointer Offset in vim CVE-2022-0554 vim: Heap-based Buffer Overflow occurs in vim CVE-2022-0943 vim: Out-of-range Pointer Offset CVE-2022-1420 vim: heap buffer overflow CVE-2022-1621 vim:...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.11. Security Fixes: Mozilla: CSP sandbox header without allow-scripts can be bypassed via retargeted javascript: URI CVE-2022-34468 Mozilla: Use-after-free in nsSHistory CVE-2022-34470...
Moderate: libarchive security update
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak CVE-2022-1012 kernel: race condition in perfeventopen leads to privilege escalation...
Moderate: expat security update
Expat is a C library for parsing XML documents. Security Fixes: expat: stack exhaustion in doctype parsing CVE-2022-25313 expat: integer overflow in copyString CVE-2022-25314 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: buffer overflow in IPsec ESP transformation code CVE-2022-27666 kernel: out-of-bounds read in fbcongetfont function CVE-2020-28915 For more details about the security issues, including th...
Moderate: libinput security update
libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. Security Fixes: libinput: format string vulnerability may lead to privilege escalation CVE-2022-1215 For more details about the security issues, including the...
Moderate: libgcrypt security update
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fixes: libgcrypt: ElGamal implementation allows plaintext recovery CVE-2021-40528 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Moderate: expat security update
Expat is a C library for parsing XML documents. Security Fixes: expat: stack exhaustion in doctype parsing CVE-2022-25313 expat: integer overflow in copyString CVE-2022-25314 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Low: compat-openssl10 security update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. compat-openssl10 provides the legacy 1.0 version of OpenSSL for use with older binaries. Security Fixes: compat-openssl10:...
Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 curl: credential leak on redirect CVE-2022-27774 curl:...
ALSA-2022:5468: php:8.0 security update (Important)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Moderate: vim security update
Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: heap buffer overflow CVE-2022-1621 vim: buffer over-read CVE-2022-1629 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak CVE-2022-1012 kernel: race...
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: buffer overflow in IPsec ESP transformation code CVE-2022-27666 kernel: out-of-bounds read in fbcongetfont function CVE-2020-28915...
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a...
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a...
Important: xz security update
XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm LZMA, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fixes: gzip:...
Important: xz security update
XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm LZMA, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fixes: gzip:...
Important: postgresql:12 security update
PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream version: postgresql 12.11. Security Fixes: postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox CVE-2022-1552 For more...
Important: postgresql:10 security update
PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream version: postgresql 10.21. Security Fixes: postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox CVE-2022-1552 For more...
Important: maven:3.6 security update
The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Security Fixes: maven-shared-utils: Command injection via Commandline class CVE-2022-29599 For more details about the security issues, including the impact, a CVSS score, acknowledgments...
Important: maven:3.5 security update
The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Security Fixes: maven-shared-utils: Command injection via Commandline class CVE-2022-29599 For more details about the security issues, including the impact, a CVSS score, acknowledgments...
Important: rsyslog security update
The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Security Fixes: rsyslog: Heap-based overflow in TCP syslog server CVE-2022-24903 For...
Important: nodejs:16 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: npm: npm ci succeeds when package-lock.json doesn't match package.json CVE-2021-43616 For more details about the security issues, including the...
Critical: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR. Security Fixes: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution CVE-2022-1529 Mozilla:...
Critical: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1. Security Fixes: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution CVE-2022-1529 Mozilla: Prototype pollution in Top-Level Await implementati...
sos bug fix and enhancement update
The sos package contains a set of utilities that gather information from system hardware, logs, and configuration files. The information can then be used for diagnostic purposes and debugging. Bug Fixes and Enhancements: sos collect fails to get node list from a pacemaker cluster BZ2071695 Tracke...
cloud-init bug fix update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fix: Previously, cloud-init incorrectly handled SSH keys containing \r\n...
Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: path traversal possible outside of publicdir when serving static files CVE-2022-29970 For more details about the security issues, including the impact, a CVSS score,...
Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: path traversal possible outside of publicdir when serving static files CVE-2022-29970 For more details about the security issues, including the impact, a CVSS score,...
Important: subversion:1.10 security update
Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fixes: subversion: Subversion's moddavsvn is vulnerable to memory corruption...
Important: .NET Core 3.1 security, bug fix, and enhancement update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.419 and .NET Core...
Important: rsync security update
The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...
Important: .NET 5.0 security, bug fix, and enhancement update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core...
Important: .NET 6.0 security, bug fix, and enhancement update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core...
sssd bug fix and enhancement update
The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch NSS and the Pluggable Authentication Modules PAM interfaces toward the system, and a pluggable back-end system ...
java-1.8.0-openjdk bug fix and enhancement update
This erratum reinstates changes made to java-1.8.0-openjdk in AlmaLinux 8.6 GA. The original builds for AlmaLinux 8.6 GA will have been superseded by newer binaries released as part of the April 2022 security update for AlmaLinux 8.5. For detailed information on changes in this release, see the...
java-11-openjdk bug fix and enhancement update
This erratum reinstates changes made to java-11-openjdk in AlmaLinux 8.6 GA. The original builds for AlmaLinux 8.6 GA will have been superseded by newer binaries released as part of the April 2022 security update for AlmaLinux 8.5. For detailed information on changes in this release, see the...
osbuild-composer bug fix and enhancement update
The osbuild-composer package is a service for building customized OS artifacts, such as virtual machine VM images and OSTree commits. Apart from building images for local usage, it can also upload images directly to cloud. The package is compatible with composer-cli and cockpit-composer clients...
java-17-openjdk bug fix and enhancement update
This erratum reinstates changes made to java-17-openjdk in AlmaLinux 8.6 GA. The original builds for AlmaLinux 8.6 GA will have been superseded by newer binaries released as part of the April 2022 security update for AlmaLinux 8.5. For detailed information on changes in this release, see the...
container-tools:4.0 bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fix: Udica crashes when processing inspect file without capabilities BZ2077474...
Important: container-tools:3.0 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: psgo: Privilege escalation in 'podman top' CVE-2022-1227 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
.NET Core 3.1 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fixes and Enhancements: Update .NET Core 3.1 to SDK 3.1.418 and Runtime 3.1.24 almalinux-8.6.0.z BZ2074654...
container-tools:rhel8 bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fixes: Udica crashes when processing inspect file without capabilities BZ2077472...
tlog bug fix and enhancement update
Tlog is a terminal I/O recording program similar to "script", but used in place of a user's shell, starting the recording and executing the real user's shell afterwards. The recorded I/O can then be forwarded to a logging server in JSON format. Bug Fixes and Enhancements: tlog causing SSH to not...
rhel-system-roles bug fix and enhancement update
The rhel-system-roles package includes a collection of Ansible roles and modules that provide a stable and consistent configuration interface for managing multiple versions of AlmaLinux. Bug Fixes and Enhancements: Tlog role - Enabling session recording configuration does not work due to RHEL9 SS...