5340 matches found
js-d3-flame-graph bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
Low: grafana security, bug fix, and enhancement update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana 7.5.11. BZ1993214 Security Fixes: grafana: directory traversal vulnerability CVE-2021-43813 For more details...
anaconda bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
Moderate: webkit2gtk3 security, bug fix, and enhancement update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. The following packages have been upgraded to a later upstream version: webkit2gtk3 2.34.6. BZ1985042 Security Fixes: webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use...
gdm bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
evince bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
pcp bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
Moderate: python38:3.8 and python38-devel:3.8 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...
gcc-toolset-11-gcc bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
network-manager-applet bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
fence-agents bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
Important: container-tools:rhel8 security, bug fix, and enhancement update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: psgo: Privilege escalation in 'podman top' CVE-2022-1227 prometheus/clientgolang: Denial of service using InstrumentHandlerCounter CVE-2022-21698 podman: Default...
Moderate: samba security, bug fix, and enhancement update
Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version:...
Moderate: fapolicyd security, bug fix, and enhancement update
Fapolicyd File Access Policy Daemon implements application whitelisting to decide file access rights. Applications that are known via a reputation source are allowed access while unknown applications are not. The daemon makes use of the kernel's fanotify interface to determine file access rights...
Moderate: squid:4 security and bug fix update
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: out-of-bounds read in WCCP protocol data may lead to information disclosure CVE-2021-28116 For more details about the security issues, including the impact, a CV...
Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Local privilege escalation via PHP-FPM CVE-2021-21703 php: SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 For more details about the security issues, including the impact, a CVSS score,...
Moderate: xorg-x11-server and xorg-x11-server-Xwayland security update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Xwayland is an X server for running X clients under Wayland. The following packages have been upgraded to a later upstream...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.0. Security Fixes: Mozilla: Bypassing permission prompt in nested browsing contexts CVE-2022-29909 Mozilla: iframe Sandbox bypass CVE-2022-29911 Mozilla: Fullscreen notification bypass...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Security Fixes: Mozilla: Bypassing permission prompt in nested browsing contexts CVE-2022-29909 Mozilla: iframe Sandbox bypass...
Important: xmlrpc-c security update
XML-RPC is a remote procedure call RPC protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC remote procedure call over the Internet. It converts an RPC into an XML document,...
Important: zlib security update
The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Security Fixes: zlib: A flaw found in zlib when compressing not decompressing certain inputs CVE-2018-25032 For more details about the security issues, including the impact, a CV...
Moderate: container-tools:2.0 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: podman: Default inheritable capabilities for linux container should be empty CVE-2022-27649 buildah: Default inheritable capabilities for linux container should be emp...
Moderate: container-tools:3.0 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: podman: Default inheritable capabilities for linux container should be empty CVE-2022-27649 buildah: Default inheritable capabilities for linux container should be emp...
gdm bug fix and enhancement update
The GNOME Display Manager GDM provides the graphical login screen. The screen is shown shortly after boot, after log out, and when switching the current user. Bug Fixes and Enhancements: "DisallowTCP=false" option is not being used by /etc/gdm/custom.conf file BZ2029202...
virt:rhel and virt-devel:rhel bug fix update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...
idm:DL1 bug fix update
AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Bug Fixes: Error replacing a replica with CentOS Stream 9 BZ2062404 reinstalling samba client causes winbindd coredump...
pki-core:10.6 bug fix update
The Public Key Infrastructure PKI Core contains fundamental packages required by AlmaLinux Certificate System. Bug Fixes: ipa: ERROR: 'Certificate operation cannot be completed: Unable to communicate with CMS 403 BZ2061458...
cloud-init bug fix and enhancement update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fixes and Enhancements: cloud-init writes route6-$DEVICE config with a HEX...
python-suds bug fix and enhancement update
The suds project is a python soap web services client lib. Suds leverages python meta programming to provide an intuitive API for consuming web services. Objectification of types defined in the WSDL is provided without class generation. Programmers rarely need to read the WSDL since services and...
Moderate: mariadb:10.5 security, bug fix, and enhancement update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb 10.5.13, galera 26.4.9. BZ2050546 Security Fixes: mysql: Server: DML unspecified vulnerability CPU Apr 2021 CVE-2021-215...
Moderate: mariadb:10.3 security and bug fix update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb 10.3.32, galera 25.3.34. BZ2050543 Security Fixes: mysql: Server: DML unspecified vulnerability CPU Apr 2021 CVE-2021-21...
Moderate: vim security update
Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: use after free in utfptr2char CVE-2022-1154...
alsa-sof-firmware bug fix and enhancement update
The alsa-sof-firmware package contains firmware binaries for the Sound Open Firmware project. Bug Fixes and Enhancements: Update Intel SOF firmware to 1.9 BZ2044420...
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in RDMA listen CVE-2021-4028 kernel: heap out of bounds write in nfdupnetdev.c CVE-2022-25636 For more details about the security issues, including the impact, a CVSS score...
NetworkManager bug fix and enhancement update
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband WWAN, and PPPoE devices, as well as providing VPN integration with a varie...
device-mapper-multipath bug fix and enhancement update
The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Bug Fixes and Enhancements: multipathd.socket is missing start conditions BZ2054877...
sanlock bug fix and enhancement update
The sanlock packages provide a shared storage lock manager. Hosts with shared access to a block device or a file can use sanlock to synchronize their activities. VDSM and libvirt use sanlock to synchronize access to shared devices or files. Bug Fixes and Enhancements: sanlock lockspace stuck in...
Moderate: polkit security update
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fixes: polkit: file descriptor leak allows an unprivileged user to cause a crash...
microcode_ctl bug fix and enhancement update
The microcodectl packages provide microcode updates for Intel and AMD processors. Bug Fixes and Enhancements: Update Intel CPU microcode to the microcode-20220204 release, which addresses CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 BZ2049541, BZ2049553, BZ2049570...
mingw-glib2 bug fix and enhancement update
The mingw-glib2 package provides the MinGW Windows Glib2 library. Bug Fixes and Enhancements: qemu-ga-win Get error 'Failed to execute helper program No such file or directory' after executing command 'guest-exec' BZ2034959...
Important: gzip security update
The gzip packages contain the gzip GNU zip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times. Security Fixes: gzip: arbitrary-file-write vulnerability...
Important: java-1.8.0-openjdk security update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: Defective secure validation in Apache Santuario Libraries, 8278008 CVE-2022-21476 OpenJDK: Unbounded memory allocation when compiling crafted...
Important: java-11-openjdk security update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: Defective secure validation in Apache Santuario Libraries, 8278008 CVE-2022-21476 OpenJDK: Unbounded memory allocation when compiling crafted XPa...
Important: java-17-openjdk security and bug fix update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: Improper ECDSA signature verification Libraries, 8277233 CVE-2022-21449 OpenJDK: Defective secure validation in Apache Santuario Libraries, 82780...
.NET 5.0 on AlmaLinux 8 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fixes and Enhancements: Update .NET 5.0 to SDK 5.0.213 and Runtime 5.0.16 almalinux-8.5.0.z BZ2072003...
.NET Core 3.1 on AlmaLinux 8 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fixes and Enhancements: Update .NET Core 3.1 to SDK 3.1.418 and Runtime 3.1.24 None8.5.0.z BZ2073450...
.NET 6.0 on AlmaLinux 8 bugfix update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fixes and Enhancements: Update .NET 6.0 to SDK 6.0.104 and Runtime 6.0.4 None8.5.0.z BZ2073446...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Security Fixes: Mozilla: Use-after-free in NSSToken objects CVE-2022-1097 Mozilla: Out of bounds write due to unexpected WebAuthN Extensions CVE-2022-28281 Mozilla: Memory safety bug...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.8.0 ESR. Security Fixes: Mozilla: Use-after-free in NSSToken objects CVE-2022-1097 Mozilla: Out of bounds write due to unexpected WebAuthN...
Important: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Infinite loop in BNmodsqrt reachable when parsing certificates CVE-2022-0778 For more details abo...