AlmaLinux OS Errata System 0.0.1 5.10 2026-03-13T16:38:24 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980) * kernel: wifi: iwlwifi: limit printed string from FW file (CVE-2025-21905) * kernel: RDMA/mlx5: Fix page_size variable overflow (CVE-2025-22091) * kernel: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (CVE-2025-22121) * kernel: ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113) * kernel: RDMA/core: Fix use-after-free when rename device name (CVE-2025-22085) * kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling (CVE-2025-37797) * kernel: mm/huge_memory: fix dereferencing invalid pmd migration entry (CVE-2025-37958) * kernel: net: ch9200: fix uninitialised access during mii_nway_restart (CVE-2025-38086) * kernel: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (CVE-2025-38110) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-57980 CVE-2025-21905 CVE-2025-22085 CVE-2025-22091 CVE-2025-22113 CVE-2025-22121 CVE-2025-37797 CVE-2025-37958 CVE-2025-38086 CVE-2025-38110 The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es): * buildah: Buildah allows arbitrary directory mount (CVE-2024-9675) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-9675 The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Low Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-36387 EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129) * openssl: Excessive time spent checking invalid RSA public keys (CVE-2023-6237) * openssl: denial of service via null dereference (CVE-2024-0727) * edk2: Temporary DoS vulnerability (CVE-2024-1298) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-6129 CVE-2023-6237 CVE-2024-0727 CVE-2024-1298 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (CVE-2025-21867) * microcode_ctl: From CVEorg collector (CVE-2024-28956) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) * kernel: net: fix udp gso skb_segment after pull from frag_list (CVE-2025-38124) * kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CVE-2025-38159) * kernel: Bluetooth: hci_core: Fix use-after-free in vhci_flush() (CVE-2025-38250) * kernel: i2c/designware: Fix an initialization issue (CVE-2025-38380) * kernel: tls: always refresh the queue when reading sock (CVE-2025-38471) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-28956 CVE-2025-21867 CVE-2025-38084 CVE-2025-38085 CVE-2025-38124 CVE-2025-38159 CVE-2025-38250 CVE-2025-38380 CVE-2025-38471 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724) * kernel: wifi: cfg80211: fix use-after-free in cmp_bss() (CVE-2025-39864) * kernel: e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898) * kernel: wifi: mt76: fix linked list corruption (CVE-2025-39918) * kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (CVE-2025-39955) * kernel: Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981) * kernel: iommu/vt-d: Disallow dirty tracking if incoherent page walk (CVE-2025-40058) * kernel: ice: ice_adapter: release xa entry on adapter allocation failure (CVE-2025-40185) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2025-38724 CVE-2025-39864 CVE-2025-39898 CVE-2025-39918 CVE-2025-39955 CVE-2025-39981 CVE-2025-40058 CVE-2025-40185 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: nfsd: don't ignore the return code of svc_proc_register() (CVE-2025-22026) * kernel: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (CVE-2022-50087) * kernel: sunrpc: fix client side handling of tls alerts (CVE-2025-38571) * kernel: sunrpc: fix handling of server side tls alerts (CVE-2025-38566) * kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CVE-2025-39817) * kernel: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (CVE-2025-39849) * kernel: scsi: lpfc: Fix buffer free/clear order in deferred receive path (CVE-2025-39841) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-50087 CVE-2025-22026 CVE-2025-38566 CVE-2025-38571 CVE-2025-39817 CVE-2025-39841 CVE-2025-39849 The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): * urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803) * pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex (CVE-2023-52323) * jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-45803 CVE-2023-52323 CVE-2024-22195 WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44192) * webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-54467) * webkitgtk: Processing web content may lead to a denial-of-service (CVE-2024-54551) * webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack (CVE-2025-24208) * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-24209) * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-24216) * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-30427) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-44192 CVE-2024-54467 CVE-2024-54551 CVE-2025-24208 CVE-2025-24209 CVE-2025-24216 CVE-2025-30427 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (CVE-2024-9407) * buildah: Buildah allows arbitrary directory mount (CVE-2024-9675) * Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (CVE-2024-9676) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-9407 CVE-2024-9675 CVE-2024-9676 The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es): * containers/image: digest type does not guarantee valid type (CVE-2024-3727) * golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788) * go-retryable[http:](http:) url might write sensitive information to log file (CVE-2024-6104) * net/[http:](http:) Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-3727 CVE-2024-6104 CVE-2024-24788 CVE-2024-24791 X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): * xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) * xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081) * xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-31080 CVE-2024-31081 CVE-2024-31083 The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix(es): * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-34064 LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as EDP or CDP. The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices. Security Fix(es): * lldp/openvswitch: denial of service via externally triggered memory leak (CVE-2020-27827) * lldpd: out-of-bounds read when decoding SONMP packets (CVE-2021-43612) * lldpd: CDP PDU Packet cdp.c out-of-bounds read (CVE-2023-41910) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2020-27827 CVE-2021-43612 CVE-2023-41910 GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news. Security Fix(es): * emacs: arbitrary code execution via Lisp macro expansion (CVE-2024-53920) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-53920 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * cpython: python: Uncontrolled CPU resource consumption when in http.cookies module (CVE-2024-7592) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Low Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-7592 Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es): * vim: Vim path traversal (CVE-2025-53906) * vim: Vim path traversial (CVE-2025-53905) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2025-53905 CVE-2025-53906 Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es): * poppler: pdfinfo: crash in broken documents when using -dests parameter (CVE-2024-6239) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-6239 Jose is a C-language implementation of the Javascript Object Signing and Encryption standards. The jose package is a dependency of the clevis and tang packages, together providing Network Bound Disk Encryption (NBDE) in AlmaLinux. Security Fix(es): * jose: resource exhaustion (CVE-2024-28176) * jose: Denial of service due to uncontrolled CPU consumption (CVE-2023-50967) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-50967 CVE-2024-28176 Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss. Security Fix(es): * iperf3: possible denial of service (CVE-2023-7250,ESNET-SECADV-2023-0002) * iperf3: vulnerable to marvin attack if the authentication option is used (CVE-2024-26306) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-7250 CVE-2024-26306 BPFtrace is a high-level tracing language for Linux enhanced Berkeley Packet Filter (eBPF) available in recent Linux kernels (4.x). BPFtrace uses LLVM as a backend to compile scripts to BPF-bytecode and makes use of BCC for interacting with the Linux BPF system, as well as existing Linux tracing capabilities: kernel dynamic tracing (kprobes), user-level dynamic tracing (uprobes), and tracepoints. The BPFtrace language is inspired by awk and C, and predecessor tracers such as DTrace and SystemTap Security Fix(es): * bpftrace: unprivileged users can force loading of compromised linux headers (CVE-2024-2313) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-2313 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CVE-2024-53104) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-53104 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * podman: podman missing TLS verification (CVE-2025-6032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2025-6032 nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * nginx: specially crafted MP4 file may cause denial of service (CVE-2024-7347) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-7347 This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython. Security Fix(es): * python-pymysql: SQL injection if used with untrusted JSON input (CVE-2024-36039) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-36039 The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Security Fix(es): * cyrus-imapd: unbounded memory allocation by sending many LITERALs in a single command (CVE-2024-34055) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-34055 Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message (CVE-2024-11159) * firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (CVE-2024-11694) * firefox: thunderbird: Unhandled Exception in Add-on Signature Verification (CVE-2024-11696) * firefox: thunderbird: Select list elements could be shown over another site (CVE-2024-11692) * firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (CVE-2024-11699) * firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (CVE-2024-11695) * firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (CVE-2024-11697) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-11159 CVE-2024-11692 CVE-2024-11694 CVE-2024-11695 CVE-2024-11696 CVE-2024-11697 CVE-2024-11699 The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es): * golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-24788 The python-jwcrypto package provides Python implementations of the JSON Web Key (JWK), JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Token (JWT) JOSE (JSON Object Signing and Encryption) standards. Security Fix(es): * JWCrypto: denail of service Via specifically crafted JWE (CVE-2023-6681) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-6681 NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Security Fix(es): * NetworkManager: Denial of Service (CVE-2024-6501) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-6501 For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-36369 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * sinatra: path traversal possible outside of public_dir when serving static files (CVE-2022-29970) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::resilientstorage CVE-2022-29970 XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-1271 The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fix(es): * grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733) * grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap (CVE-2021-3695) * grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling (CVE-2021-3696) * grub2: Crafted JPEG image can lead to buffer underflow write in the heap (CVE-2021-3697) * grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734) * grub2: shim_lock verifier allows non-kernel files to be loaded (CVE-2022-28735) * grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736) * shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-28737 Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es): * vim: Use of Out-of-range Pointer Offset in vim (CVE-2022-0554) * vim: Heap-based Buffer Overflow occurs in vim (CVE-2022-0943) * vim: Out-of-range Pointer Offset (CVE-2022-1420) * vim: heap buffer overflow (CVE-2022-1621) * vim: buffer over-read (CVE-2022-1629) * vim: use after free in utf_ptr2char (CVE-2022-1154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-0554 CVE-2022-0943 CVE-2022-1154 CVE-2022-1420 CVE-2022-1621 CVE-2022-1629 Expat is a C library for parsing XML documents. Security Fix(es): * expat: stack exhaustion in doctype parsing (CVE-2022-25313) * expat: integer overflow in copyString() (CVE-2022-25314) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-25313 CVE-2022-25314 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012) * kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729) * kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root (CVE-2022-1966) * kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * make SHA512_arch algos and CRYPTO_USER built-ins (BZ#2072643) * SR-IOV performance > 50% degradation (BZ#2074830) * fix data corruption caused by dm-integrity (BZ#2082187) * SCTP client-side peeloff issues [almalinux-9] (BZ#2084044) * TCP connection fails in a asymmetric routing situation (BZ#2085480) * Fails to boot Multiple RT VMs each with multiple vCPUs (BZ#2086963) * spec: Fix separate tools build (BZ#2090852) * call traces related to eeh_pseries observed and vmcore is not captured, when kdump is triggered (BZ#2092255) * Mark ThunderX NIC driver as unmaintained (BZ#2092638) Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-1012 CVE-2022-1729 CVE-2022-1966 CVE-2022-27666 The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es): * libarchive: an out-of-bounds read via the component zipx_lzma_alone_init (CVE-2022-26280) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-26280 libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. Security Fix(es): * libinput: format string vulnerability may lead to privilege escalation (CVE-2022-1215) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-1215 Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * QEMU: virtio-net: map leaking on error during receive (CVE-2022-26353) * QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak (CVE-2022-26354) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * AlmaLinux 9.0 guest with vsock device migration failed from AlmaLinux 9.0 > AlmaLinux 8.6 (BZ#2071102) Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-26353 CVE-2022-26354 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012) * kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729) * kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root (CVE-2022-1966) * kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest AlmaLinux-9.0.z1 Batch (BZ#2089492) Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime CVE-2022-1012 CVE-2022-1729 CVE-2022-1966 CVE-2022-27666 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-11-openjdk (11.0.16.0.8). (BZ#2084777) Security Fix(es): * OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169) * OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540) * OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) (CVE-2022-21541) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance() [almalinux-9, openjdk-11] (BZ#2099915) * SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode [almalinux-9, openjdk-11] (BZ#2107866) * Revert to disabling system security properties and FIPS mode support together [almalinux-9, openjdk-11] (BZ#2107868) Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk (1.8.0.342.b07). (BZ#2084776) Security Fix(es): * OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169) * OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540) * OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) (CVE-2022-21541) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance() [almalinux-9, openjdk-8] (BZ#2099916) * SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode [almalinux-9, openjdk-8] (BZ#2107956) * Revert to disabling system security properties and FIPS mode support together [almalinux-9, openjdk-8] (BZ#2107958) Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-17-openjdk (17.0.4.0.8). (BZ#2084779) Security Fix(es): * OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169) * OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540) * OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) (CVE-2022-21541) * OpenJDK: random exponentials issue (Libraries, 8283875) (CVE-2022-21549) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Previous AlmaLinux builds of OpenJDK 17 altered the arguments passed to sun.security.pkcs11.wrapper.PKCS11.getInstance() in order to facilitate FIPS support. This build adds an additional form of the method, retaining the original arguments, so that applications which depend on this internal method continue to function with AlmaLinux builds of OpenJDK. (BZ#2099919) * With previous AlmaLinux builds of OpenJDK 17, Mac key generation and import would fail due to the lack of the CKA_SIGN attribute on the key. This attribute is now added as part of the NSS FIPS configuration. (BZ#2105395) * With the release of AlmaLinux, a change was made so that disabling OpenJDK FIPS mode required the use of both the -Djava.security.disableSystemPropertiesFile=true and -Dcom.AlmaLinux.fips=false options, with the intention that FIPS mode could be controlled independently of system security properties. This change has now been reverted and only -Djava.security.disableSystemPropertiesFile=true is required to disable FIPS mode, as in AlmaLinux. (BZ#2107941) * Previous AlmaLinux builds of OpenJDK 17 running in FIPS mode with a SecurityManager would fail due to a lack of module access permissions. This has now been corrected. (BZ#2107943) Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) * golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962) * golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131) * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630) * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632) * golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633) * golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635) * golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Clean up dist-git patches (BZ#2109174) * Update Go to version 1.17.12 (BZ#2109183) Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-1705 CVE-2022-1962 CVE-2022-28131 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * php: password of excessive length triggers buffer overflow leading to RCE (CVE-2022-31626) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-31626 Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es): * vim: Out-of-bounds Write (CVE-2022-1785) * vim: out-of-bounds write in vim_regsub_both() in regexp.c (CVE-2022-1897) * vim: buffer over-read in utf_ptr2char() in mbyte.c (CVE-2022-1927) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera (26.4.11), mariadb (10.5.16), mysql-selinux (1.0.5). Security Fix(es): * mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used (CVE-2021-46669) * mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer (CVE-2022-24048) * mariadb: lack of validating the existence of an object prior to performing operations on the object (CVE-2022-24050) * mariadb: lack of proper validation of a user-supplied string before using it as a format specifier (CVE-2022-24051) * mariadb: CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability (CVE-2022-24052) * mariadb: assertion failure in Item_args::walk_arg (CVE-2022-27376) * mariadb: use-after-poison when complex conversion is involved in blob (CVE-2022-27377) * mariadb: server crash in create_tmp_table::finalize (CVE-2022-27378) * mariadb: server crash in component arg_comparator::compare_real_fixed (CVE-2022-27379) * mariadb: server crash at my_decimal::operator= (CVE-2022-27380) * mariadb: server crash at Field::set_default via specially crafted SQL statements (CVE-2022-27381) * mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order (CVE-2022-27382) * mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c (CVE-2022-27383) * mariadb: crash via component Item_subselect::init_expr_cache_tracker (CVE-2022-27384) * mariadb: server crashes in query_arena::set_query_arena upon SELECT from view (CVE-2022-27386) * mariadb: assertion failures in decimal_bin_size (CVE-2022-27387) * mariadb: crash when using HAVING with NOT EXIST predicate in an equality (CVE-2022-27444) * mariadb: assertion failure in compare_order_elements (CVE-2022-27445) * mariadb: crash when using HAVING with IS NULL predicate in an equality (CVE-2022-27446) * mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27447) * mariadb: crash in multi-update and implicit grouping (CVE-2022-27448) * mariadb: assertion failure in sql/item_func.cc (CVE-2022-27449) * mariadb: crash via window function in expression in ORDER BY (CVE-2022-27451) * mariadb: assertion failure in sql/item_cmpfunc.cc (CVE-2022-27452) * mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING (CVE-2022-27455) * mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc (CVE-2022-27456) * mariadb: incorrect key in "dup value" error after long unique (CVE-2022-27457) * mariadb: use-after-poison in Binary_string::free_buffer (CVE-2022-27458) * mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31622) * mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc (CVE-2022-31623) * mariadb: Crash executing query with VIEW, aggregate and subquery (CVE-2021-46659) * mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) (CVE-2021-46661) * mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements (CVE-2021-46663) * mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr (CVE-2021-46664) * mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations (CVE-2021-46665) * mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements (CVE-2021-46668) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2021-46669 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27382 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27444 CVE-2022-27445 CVE-2022-27446 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 CVE-2022-27451 CVE-2022-27452 CVE-2022-27455 CVE-2022-27456 CVE-2022-27457 CVE-2022-27458 CVE-2022-31622 CVE-2022-31623 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * information leak in scsi_ioctl() (CVE-2022-0494) * use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * update RT source tree to the latest AlmaLinux-9.0.z2 Batch (BZ#2105450) Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime CVE-2022-0494 CVE-2022-1055 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * information leak in scsi_ioctl() (CVE-2022-0494) * use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Power9 - LPAR fails to boot in shared processing mode and call traces are seen [Hash] (BZ#2092248) * Hard lockups are observed while running stress-ng and LPAR hangs (BZ#2092253) * FIPS module identification via name and version (BZ#2093384) * gfs2: File corruption with large writes when memory is tight (BZ#2097306) * i/o on initiator stuck when network is disrupted (4.18.0-372.9.1.el8.x86_64) (BZ#2098251) * AlmaLinux 9.1 doesn't support 3rd SATA (BZ#2099740) * Guest call trace when reboot after postcopy migration with high stress workload (BZ#2100903) * Oops or general protection fault with RIP decode_attr_security_label at decode_getfattr_attrs (BZ#2101854) * Oops as BUG: unable to handle page fault as free of uninitialized nfs4_label on nfs referral lookup (BZ#2101858) * lpar crash with Oops: Kernel access of bad area, sig: 11 [#1] when changing mtu of a bond interface (P10/ ibmvnic/ Haleakala) (BZ#2103085) * OS doesn't boot when vmd and interrupt remapping are enabled (BZ#2109974) Enhancement(s): * iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (BZ#2105326) Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-0494 CVE-2022-1055 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8. Security Fix(es): * dotnet: External Entity Injection during XML signature verification (CVE-2022-34716) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-34716 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: HTTP compression denial of service (CVE-2022-32206) * curl: Unpreserved file permissions (CVE-2022-32207) * curl: FTP-KRB bad message verification (CVE-2022-32208) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: c_rehash script allows command injection (CVE-2022-1292) * openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS (CVE-2022-1343) * openssl: OPENSSL_LH_flush() breaks reuse of memory (CVE-2022-1473) * openssl: the c_rehash script allows command injection (CVE-2022-2068) * openssl: AES OCB fails to encrypt some bytes (CVE-2022-2097) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * openssl occasionally sends internal error to gnutls when using FFDHE (BZ#2080323) * openssl req defaults to 3DES (BZ#2085499) * OpenSSL accepts custom elliptic curve parameters when p is large [almalinux-9] (BZ#2085508) * OpenSSL mustn't work with ECDSA with explicit curve parameters in FIPS mode (BZ#2085521) * openssl s_server -groups secp256k1 in FIPS fails because X25519/X448 (BZ#2086554) * Converting FIPS power-on self test to KAT (BZ#2086866) * Small RSA keys work for some operations in FIPS mode (BZ#2091938) * FIPS provider doesn't block RSA encryption for key transport (BZ#2091977) * OpenSSL testsuite certificates expired (BZ#2095696) * [IBM 9.1 HW OPT] POWER10 performance enhancements for cryptography: OpenSSL (BZ#2103044) * [FIPS lab review] self-test (BZ#2112978) * [FIPS lab review] DH tuning (BZ#2115856) * [FIPS lab review] EC tuning (BZ#2115857) * [FIPS lab review] RSA tuning (BZ#2115858) * [FIPS lab review] RAND tuning (BZ#2115859) * [FIPS lab review] zeroization (BZ#2115861) * [FIPS lab review] HKDF limitations (BZ#2118388) Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-1292 CVE-2022-1343 CVE-2022-1473 CVE-2022-2068 CVE-2022-2097 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * pcs: obtaining an authentication token for hacluster user could lead to privilege escalation (CVE-2022-2735) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::resilientstorage CVE-2022-2735 The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fix(es): * open-vm-tools: local root privilege escalation in the virtual machine (CVE-2022-31676) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-31676 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.109 and Runtime 6.0.9. Security Fix(es): * dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion. (CVE-2022-38013) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-38013 The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one (granted) site at a time. Security Fix(es): * booth: authfile directive in booth config file is completely ignored. (CVE-2022-2553) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::resilientstorage CVE-2022-2553 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: heap overflow in nft_set_elem_init() (CVE-2022-34918) * kernel: vulnerability of buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest AlmaLinux-9.0.z3 Batch (BZ#2119577) Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime CVE-2022-2078 CVE-2022-34918 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.0.4). (BZ#2109428) Security Fix(es): * Ruby: Double free in Regexp compilation (CVE-2022-28738) * Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-28738 CVE-2022-28739 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql (8.0.30). (BZ#2122589) Security Fix(es): * mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479) * mysql: Server: DML unspecified vulnerability (CPU Apr 2022) (CVE-2022-21413) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2022) (CVE-2022-21415) * mysql: InnoDB multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21423) * mysql: Server: DDL multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21425, CVE-2022-21444) * mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427) * mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21454) * mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022) (CVE-2022-21455) * mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21457) * mysql: Server: Logging unspecified vulnerability (CPU Apr 2022) (CVE-2022-21460) * mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21556, CVE-2022-21569) * mysql: Server: Options unspecified vulnerability (CPU Jul 2022) (CVE-2022-21515) * mysql: InnoDB multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21517, CVE-2022-21537, CVE-2022-21539) * mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21522, CVE-2022-21534) * mysql: Server: Federated unspecified vulnerability (CPU Jul 2022) (CVE-2022-21547) * mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022) (CVE-2022-21538) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Default logrotate set to wrong log file (BZ#2122592) Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-21412 CVE-2022-21413 CVE-2022-21414 CVE-2022-21415 CVE-2022-21417 CVE-2022-21418 CVE-2022-21423 CVE-2022-21425 CVE-2022-21427 CVE-2022-21435 CVE-2022-21436 CVE-2022-21437 CVE-2022-21438 CVE-2022-21440 CVE-2022-21444 CVE-2022-21451 CVE-2022-21452 CVE-2022-21454 CVE-2022-21455 CVE-2022-21457 CVE-2022-21459 CVE-2022-21460 CVE-2022-21462 CVE-2022-21478 CVE-2022-21479 CVE-2022-21509 CVE-2022-21515 CVE-2022-21517 CVE-2022-21522 CVE-2022-21525 CVE-2022-21526 CVE-2022-21527 CVE-2022-21528 CVE-2022-21529 CVE-2022-21530 CVE-2022-21531 CVE-2022-21534 CVE-2022-21537 CVE-2022-21538 CVE-2022-21539 CVE-2022-21547 CVE-2022-21553 CVE-2022-21556 CVE-2022-21569 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (16.16.0), nodejs-nodemon (2.0.19). (BZ#2124230, BZ#2124233) Security Fix(es): * nodejs-ini: Prototype pollution via malicious INI file (CVE-2020-7788) * nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469) * nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807) * normalize-url: ReDoS for data URLs (CVE-2021-33502) * nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace (CVE-2022-29244) * nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212) * nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213) * nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214) * nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215) * got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * nodejs:16/nodejs: Rebase to the latest Nodejs 16 release [almalinux-9] (BZ#2121019) * nodejs: Specify --with-default-icu-data-dir when using bootstrap build (BZ#2124299) Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2020-28469 CVE-2020-7788 CVE-2021-33502 CVE-2021-3807 CVE-2022-29244 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-33987 The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es): * gpg: Signature spoofing via status line injection (CVE-2022-34903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-34903 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: heap overflow in nft_set_elem_init() (CVE-2022-34918) * kernel: vulnerability of buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * RDMA/mlx5: Fix number of allocated XLT entries (BZ#2092270) * mlx5, Setup hanged when run test-route-nexthop-object.sh (BZ#2092535) * many call traces from unchecked MSR access error: WRMSR to 0x199 in amazon i4.32xlarge instance (BZ#2099417) * X86/platform/UV: Kernel Support Fixes for UV5 platform (BZ#2107732) * block layer: fixes for md sync slow and softlockup at blk_mq_sched_dispatch_requests [9.0.0.z] (BZ#2111395) * Fixes for NVMe/TCP dereferences an invalid, non-canonical pointer, kernel panic (BZ#2117755) * Adding missing nvme fix to AlmaLinux-9.1 (BZ#2117756) * nvme/tcp mistakenly uses blk_mq_tag_to_rq(nvme_tcp_tagset(queue) (BZ#2118698) * Important ice bug fixes (BZ#2119290) * Power 9/ppc64le Incorrect Socket(s) & "Core(s) per socket" reported by lscpu command. (BZ#2121719) Enhancement(s): * lscpu does not show all of the support AMX flags (amx_int8, amx_bf16) (BZ#2108203) * ice: Driver Update (BZ#2108204) * iavf: Driver Update (BZ#2119477) * i40e: Driver Update (BZ#2119479) Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-2078 CVE-2022-34918 WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.36.7). Security Fix(es): * webkitgtk: processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-32893) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-32893 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly (CVE-2022-3080) * bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177) * bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-3080 CVE-2022-38177 CVE-2022-38178 Expat is a C library for parsing XML documents. Security Fix(es): * expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-40674 The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space. The following packages have been upgraded to a later upstream version: gnutls (3.7.6), nettle (3.8). Security Fix(es): * gnutls: Double free during gnutls_pkcs7_verify. (CVE-2022-2509) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [IBM 9.1] [P10] POWER10 performance enhancements for cryptography: nettle - incremental work (BZ#2102589) * Allow enabling KTLS in AlmaLinux 9.1 (BZ#2108532) * DES-CBC bag is decryptable under FIPS (BZ#2115314) * allow signature verification using RSA keys <2k in FIPS mode (BZ#2119770) Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-2509 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.110 and .NET Runtime 6.0.10. Security Fix(es): * dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-41032 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (16.17.1). Security Fix(es): * nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255) * nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-35255 CVE-2022-35256 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) (CVE-2022-21618) * OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) * OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) * OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) * OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) * OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366) (CVE-2022-39399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2022-10, 17.0.5) [almalinux-9] (BZ#2132934) Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) * OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) * OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) * OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) (CVE-2022-21618) * OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) * OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) * OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) * OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) * OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366) (CVE-2022-39399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2022-10, 11.0.17) [almalinux-9] (BZ#2131865) Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Security Fix(es): * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators (CVE-2022-39249) * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack (CVE-2022-39250) * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack (CVE-2022-39251) * Mozilla: Same-origin policy violation could have leaked cross-origin URLs (CVE-2022-42927) * Mozilla: Memory Corruption in JS Engine (CVE-2022-42928) * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue (CVE-2022-39236) * Mozilla: Denial of Service via window.print (CVE-2022-42929) * Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird 102.4 (CVE-2022-42932) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-39236 CVE-2022-39249 CVE-2022-39250 CVE-2022-39251 CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fix(es): * device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket (CVE-2022-41974) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-41974 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full strength general purpose cryptography library. Security Fix(es): * OpenSSL: X.509 Email Address Buffer Overflow (CVE-2022-3602) * OpenSSL: X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-3602 CVE-2022-3786 The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Security Fix(es): * zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-37434 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * posix cpu timer use-after-free may lead to local privilege escalation (CVE-2022-2585) * Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel crash after reboot of T14/G2 AMD laptop (mt7921e module) (BZ#2095653) * execve exit tracepoint not called (BZ#2106661) * Matrox black screen on VGA output on some systems. (BZ#2112017) * The kernel needs to offer a way to reseed the Crypto DRBG and atomically extract random numbers from it (BZ#2121129) * watchdog BUG: soft lockup - CPU#30 stuck for 34s! [swapper/30:0] (BZ#2127857) * Update cifs to 5.16 (BZ#2127858) * Bad page state in process qemu-kvm pfn:68a74600 (BZ#2127859) * vfio zero page mappings fail after 2M instances (BZ#2128791) * The kernel needs to offer a way to reseed the Crypto DRBG and atomically extract random numbers from it (part 2) (BZ#2128970) Enhancement(s): * Need to enable hpilo to support new HPE RL300 Gen11 for ARM (aarch64) (BZ#2129453) Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-2585 CVE-2022-30594 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * posix cpu timer use-after-free may lead to local privilege escalation (CVE-2022-2585) * Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Update RT source tree to the latest AlmaLinux-9.0.z4 Batch (BZ#2123498) Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime CVE-2022-2585 CVE-2022-30594 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS (CVE-2020-10735) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2020-10735 The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fix(es): * pki-core: access to external entities when parsing XML can lead to XXE (CVE-2022-2414) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-2414 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516) * use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640) * smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168) * NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617) * swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854) * uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016) * race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048) * use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184) * concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280) * kernel info leak issue in pfkey_register (CVE-2022-1353) * use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679) * NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852) * fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998) * nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586) * openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639) * slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368) * incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123) * incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125) * incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166) * possible to use the debugger to write zero into a location of choice (CVE-2022-21499) * AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900) * AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825) * Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373) * double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390) * use after free in SUNRPC subsystem (CVE-2022-28893) * use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581) * Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901) * DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946) * nf_tables disallow binding to already bound chain (CVE-2022-39190) * nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime CVE-2020-36516 CVE-2021-3640 CVE-2022-0168 CVE-2022-0617 CVE-2022-0854 CVE-2022-1016 CVE-2022-1048 CVE-2022-1184 CVE-2022-1280 CVE-2022-1353 CVE-2022-1679 CVE-2022-1852 CVE-2022-1998 CVE-2022-20368 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-21499 CVE-2022-23816 CVE-2022-23825 CVE-2022-24448 CVE-2022-2586 CVE-2022-26373 CVE-2022-2639 CVE-2022-28390 CVE-2022-28893 CVE-2022-29581 CVE-2022-29900 CVE-2022-29901 CVE-2022-36946 CVE-2022-39190 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * pcs: improper authentication via PAM (CVE-2022-1049) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::resilientstorage CVE-2022-1049 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851) * golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852) * podman: podman machine spawns gvproxy with port bound to all IPs (CVE-2021-4024) * podman: Remote traffic to rootless containers is seen as orginating from localhost (CVE-2021-20199) * containers/storage: DoS via malicious image (CVE-2021-20291) * golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197) * golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558) * golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2020-28851 CVE-2020-28852 CVE-2021-20199 CVE-2021-20291 CVE-2021-33197 CVE-2021-34558 CVE-2021-4024 CVE-2022-27191 The libguestfs packages contain a library used for accessing and modifying virtual machine disk images. Security Fix(es): * libguestfs: Buffer overflow in get_keys leads to DoS (CVE-2022-2211) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-2211 Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. The following packages have been upgraded to a later upstream version: qemu-kvm (7.0.0). (BZ#2064757) Security Fix(es): * QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free (CVE-2021-3750) * QEMU: fdc: heap buffer overflow in DMA read data transfers (CVE-2021-3507) * QEMU: intel-hda: segmentation fault due to stack overflow (CVE-2021-3611) * QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c (CVE-2021-4158) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2021-3507 CVE-2021-3611 CVE-2021-3750 CVE-2021-4158 The virt-v2v package provides a tool for converting virtual machines to use the KVM (Kernel-based Virtual Machine) hypervisor or AlmaLinux Enterprise Virtualization. The tool modifies both the virtual machine image and its associated libvirt metadata. Also, virt-v2v can configure a guest to use VirtIO drivers if possible. Security Fix(es): * libguestfs: Buffer overflow in get_keys leads to DoS (CVE-2022-2211) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-2211 The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data. Security Fix(es): * protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference (CVE-2021-22570) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2021-22570 The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fix(es): * gimp: buffer overflow through a crafted XCF file (CVE-2022-30067) * gimp: unhandled exception via a crafted XCF file may lead to DoS (CVE-2022-32990) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-30067 CVE-2022-32990 Speex is a patent-free compression format designed especially for speech. It is specialized for voice communications at low bit-rates. Security Fix(es): * speex: divide by zero in read_samples() via crafted WAV file (CVE-2020-23903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2020-23903 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a later upstream version: libvirt (8.5.0). (BZ#2060313) Security Fix(es): * libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service (CVE-2022-0897) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-0897 FriBidi is a library to handle bidirectional scripts (for example Hebrew, Arabic), so that the display is done in the proper way, while the text data itself is always written in logical order. Security Fix(es): * fribidi: Stack based buffer overflow (CVE-2022-25308) * fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode (CVE-2022-25309) * fribidi: SEGV in fribidi_remove_bidi_marks (CVE-2022-25310) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628) * webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629) * webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662) * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710) * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717) * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719) * webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. The following packages have been upgraded to a later upstream version: unbound (1.16.2). (BZ#2087120) Security Fix(es): * unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names (CVE-2022-30698) * unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names (CVE-2022-30699) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-30698 CVE-2022-30699 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd (2.4.53). (BZ#2079939) Security Fix(es): * httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943) * httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719) * httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721) * httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377) * httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404) * httpd: mod_sed: DoS vulnerability (CVE-2022-30522) * httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813) * httpd: Out-of-bounds read via ap_rwrite() (CVE-2022-28614) * httpd: Out-of-bounds read in ap_strcmp_match() (CVE-2022-28615) * httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-22719 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220) * bind: DoS from specifically crafted TCP packets (CVE-2022-0396) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2021-25220 CVE-2022-0396 The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): * dnsmasq: Heap use after free in dhcp6_no_relay (CVE-2022-0934) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-0934 FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Security Fix(es): * flac: out of bound write in append_to_verify_fifo_interleaved_ of stream_encoder.c (CVE-2021-0561) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2021-0561 The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es): * runc: incorrect handling of inheritable capabilities (CVE-2022-29162) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-29162 Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Security Fix(es): * redis: Code injection via Lua script execution environment (CVE-2022-24735) * redis: Malformed Lua script can crash Redis (CVE-2022-24736) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-24735 CVE-2022-24736 Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix(es): * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630) * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-1705 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 SWTPM is a TPM emulator built on libtpms providing TPM functionality for QEMU VMs. Security Fix(es): * swtpm: Unchecked header size indicator against expected size (CVE-2022-23645) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-23645 WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Security Fix(es): * wavpack: Heap out-of-bounds read in WavpackPackSamples() (CVE-2021-44269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2021-44269 Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es): * poppler: A logic error in the Hints::Hints function can cause denial of service (CVE-2022-27337) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-27337 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. The following packages have been upgraded to a later upstream version: 389-ds-base (2.1.3). (BZ#2061801) Security Fix(es): * 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918) * 389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850) * 389-ds-base: expired password was still allowed to access the database (CVE-2022-0996) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-0918 CVE-2022-0996 CVE-2022-2850 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php (8.0.20). (BZ#2095752) Security Fix(es): * php: Use after free due to php_filter_float() failing for ints (CVE-2021-21708) * php: Uninitialized array in pg_query_params() leading to RCE (CVE-2022-31625) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2021-21708 CVE-2022-31625 OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es): * openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer (CVE-2022-1122) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-1122 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es): * dovecot: Privilege escalation when similar master and non-master passdbs are used (CVE-2022-30550) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-30550 X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): * xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access (CVE-2022-2319) * xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension (CVE-2022-2320) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-2319 CVE-2022-2320 The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630) * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632) * golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635) * golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-1705 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30635 CVE-2022-32148 The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Security Fix(es): * dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs (CVE-2022-2132) * DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839) * dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service (CVE-2022-28199) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2021-3839 CVE-2022-2132 CVE-2022-28199 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516) * use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640) * smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168) * NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617) * swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854) * uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016) * race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048) * use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184) * concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280) * kernel info leak issue in pfkey_register (CVE-2022-1353) * use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679) * NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852) * fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998) * nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586) * integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639) * slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368) * incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123) * incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125) * incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166) * possible to use the debugger to write zero into a location of choice (CVE-2022-21499) * AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900) * AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825) * Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373) * double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390) * use after free in SUNRPC subsystem (CVE-2022-28893) * use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581) * Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901) * DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946) * nf_tables disallow binding to already bound chain (CVE-2022-39190) * nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2020-36516 CVE-2021-3640 CVE-2022-0168 CVE-2022-0617 CVE-2022-0854 CVE-2022-1016 CVE-2022-1048 CVE-2022-1184 CVE-2022-1280 CVE-2022-1353 CVE-2022-1679 CVE-2022-1852 CVE-2022-1998 CVE-2022-20368 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-21499 CVE-2022-23816 CVE-2022-23825 CVE-2022-24448 CVE-2022-2586 CVE-2022-26373 CVE-2022-2639 CVE-2022-28390 CVE-2022-28893 CVE-2022-29581 CVE-2022-29900 CVE-2022-29901 CVE-2022-36946 CVE-2022-39190 The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fix(es): * zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field (CVE-2022-37434) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-37434 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: bad local IPv6 connection reuse (CVE-2022-27775) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-27775 Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.16.4). (BZ#2077487) Security Fix(es): * samba: server memory information leak via SMB1 (CVE-2022-32742) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-32742 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packages have been upgraded to a later upstream version: python3.9 (3.9.14). (BZ#2128249) Security Fix(es): * python: mailcap: findmatch() function does not sanitize the second argument (CVE-2015-20107) * python: open redirection vulnerability in lib/http/server.py may lead to information disclosure (CVE-2021-28861) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2015-20107 CVE-2021-28861 The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems. Security Fix(es): * e2fsprogs: out-of-bounds read/write via crafted filesystem (CVE-2022-1304) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-1304 HarfBuzz is an implementation of the OpenType Layout engine. Security Fix(es): * harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc (CVE-2022-33068) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-33068 The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es): * bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-25220 The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fix(es): * gcc: uncontrolled recursion in libiberty/rust-demangle.c (CVE-2021-46195) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::crb CVE-2021-46195 GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fix(es): * glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink (CVE-2021-28153) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::crb CVE-2021-28153 The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Security Fix(es): * zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::crb CVE-2018-25032 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * podman: possible information disclosure and modification (CVE-2022-2989) * buildah: possible information disclosure and modification (CVE-2022-2990) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * (podman image trust) does not support the new trust type "sigstoreSigned " (BZ#2120436) * dnf-update broken for podman/catatonit (BZ#2123319) * podman creates lock file in /etc/cni/net.d/cni.lock instead of /run/lock/ (BZ#2123905) * podman kill may deadlock [AlmaLinux 9.1] (BZ#2124716) * containers config.json gets empty after sudden power loss (BZ#2136278) * PANIC podman API service endpoint handler panic (BZ#2136287) Enhancement(s): * Podman volume plugin timeout should be configurable [almalinux-9.1.0 Z] (BZ#2124676) * [RFE]Podman support to perform custom actions on unhealthy containers (BZ#2136281) Low Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-2989 CVE-2022-2990 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.100 RC 2 and .NET Runtime 7.0.0 RC 2. The following packages have been upgraded to a later upstream version: dotnet7.0 (7.0.100). (BZ#2134641) Security Fix(es): * dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-41032 Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fix(es): * keylime: exception handling and impedance match in tornado_requests (CVE-2022-3500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-3500 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: local privilege escalation via the multiprocessing forkserver start method (CVE-2022-42919) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-42919 Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es): * krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-42898 Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): * varnish: Request Forgery Vulnerability (CVE-2022-45060) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-45060 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (18.12.1). (BZ#2142809, BZ#2142830, BZ#2142834, BZ#2142856) Security Fix(es): * nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517) * nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2022 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-3517 CVE-2022-43548 WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution (CVE-2022-42856) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-42856 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.113 and .NET Runtime 6.0.13. The following packages have been upgraded to a later upstream version: dotnet6.0 (6.0.113). (BZ#2154459) Security Fix(es): * dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process (CVE-2023-21538) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2023-21538 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * In FIPS mode, the use of a SQLite database provided by NSS was assumed, which was opened in read-only mode and with no PIN expected. This prevented the use of other databases or setting a PIN on the NSS database. This update allows more control over database use using two new properties - fips.nssdb.path and fips.nssdb.pin - which can be configured permanently in the java.security file or temporarily via command-line arguments to the Java virtual machine (RHBZ#2147476) * Prepare for the next quarterly OpenJDK upstream release (2023-01, 17.0.6) [almalinux-9] (BZ#2153097) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2023-21835 CVE-2023-21843 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2023-01, 11.0.18) [almalinux-9] (BZ#2157798) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2023-21835 CVE-2023-21843 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2023-01, 8u362) [almalinux-9] (BZ#2159912) * solr broken due to access denied ("java.io.FilePermission" "/etc/pki/java/cacerts" "read") [almalinux-9, openjdk-8] (BZ#2163594) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2023-21830 CVE-2023-21843 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) * kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) * kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) * kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945) * kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077) * kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * DELL EMC: System is not booting into RT Kernel with perc12 [kernel-rt] (BZ#2139863) * kernel-rt: update RT source tree to the latest AlmaLinux-9.1.z1 Batch (BZ#2141817) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime CVE-2022-2959 CVE-2022-2964 CVE-2022-30594 CVE-2022-3077 CVE-2022-4139 CVE-2022-43945 The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature. Security Fix(es): * usbguard: Fix unauthorized access via D-Bus (CVE-2019-25058) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2019-25058 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es): * libreoffice: Macro URL arbitrary script execution (CVE-2022-3140) * libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation (CVE-2022-26305) * libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password (CVE-2022-26306) * libreoffice: Weak Master Keys (CVE-2022-26307) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2022-26305 CVE-2022-26306 CVE-2022-26307 CVE-2022-3140 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (16.18.1), nodejs-nodemon (2.0.20). Security Fix(es): * minimist: prototype pollution (CVE-2021-44906) * nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517) * nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256) * nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * nodejs: Packaged version of undici does not fit with declared version. [almalinux-9] (BZ#2151627) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2021-44906 CVE-2022-3517 CVE-2022-35256 CVE-2022-43548 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): * golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Internal linking fails on ppc64le (BZ#2144547) * crypto testcases fail on golang on s390x [almalinux-9] (BZ#2149311) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-2879 CVE-2022-2880 CVE-2022-41715 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: POST following PUT confusion (CVE-2022-32221) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-32221 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) * kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) * kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) * kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945) * kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077) * kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Intel 9.2: Important iavf bug fixes (BZ#2127884) * vfio zero page mappings fail after 2M instances (BZ#2128514) * nvme-tcp automatic reconnect fails intermittently during EMC powerstore NDU operation (BZ#2131359) * ice: Driver Update to 5.19 (BZ#2132070) * WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134588) * drm: duplicated call of drm_privacy_screen_register_notifier() in drm_connector_register() (BZ#2134619) * updating the appid field through sysfs is returning an -EINVAL error (BZ#2136914) * DELL EMC: System is not booting into RT Kernel with perc12. (BZ#2139213) * No signal showed in the VGA monitor when installing AlmaLinux9 in the legacy bios mode (BZ#2140153) * Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142168) * ppc64le: unexpected oom panic when there's enough memory left in zswap test (BZ#2143976) * fatal error: error in backend: Branch target out of insn range (BZ#2144902) * AMdCLIENT: The kernel command line parameter "nomodeset" not working properly (BZ#2145217) * Azure: PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150910) * Azure z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2151605) * DELL 9.0 RT - On PE R760 system, call traces are observed dmesg when system is running stress (BZ#2154407) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-2959 CVE-2022-2964 CVE-2022-30594 CVE-2022-3077 CVE-2022-4139 CVE-2022-43945 D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix(es): * dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets (CVE-2022-42010) * dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type (CVE-2022-42011) * dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness correctly (CVE-2022-42012) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * systemd: buffer overrun in format_timespan() function (CVE-2022-3821) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-3821 Expat is a C library for parsing XML documents. Security Fix(es): * expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (CVE-2022-43680) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-43680 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303) * libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-40303 CVE-2022-40304 SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. Security Fix(es): * sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API (CVE-2022-35737) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-35737 A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions. Security Fix(es): * libtasn1: Out-of-bound access in ETYPE_OK (CVE-2021-46848) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-46848 X.Org X11 libXpm runtime library. Security Fix(es): * libXpm: compression commands depend on $PATH (CVE-2022-4883) * libXpm: Runaway loop on width of 0 and enormous height (CVE-2022-44617) * libXpm: Infinite loop on unclosed comments (CVE-2022-46285) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-44617 CVE-2022-46285 CVE-2022-4883 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es): * git: gitattributes parsing integer overflow (CVE-2022-23521) * git: Heap overflow in `git archive`, `git log --format` leading to RCE (CVE-2022-41903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-23521 CVE-2022-41903 Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Security Fix(es): * xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2023-0494 The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix(es): * grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601) * grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-2601 CVE-2022-3775 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Security Fix(es): * Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767) * Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728) * Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730) * Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735) * Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737) * Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739) * Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743) * Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744) * Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746) * Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729) * Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732) * Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2023-0767 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 CVE-2023-25735 CVE-2023-25737 CVE-2023-25739 CVE-2023-25742 CVE-2023-25743 CVE-2023-25744 CVE-2023-25746 WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: processing maliciously crafted web content may be exploited for arbitrary code execution (CVE-2023-23529) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2023-23529 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: read buffer overflow in X.509 certificate verification (CVE-2022-4203) * openssl: timing attack in RSA Decryption implementation (CVE-2022-4304) * openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450) * openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215) * openssl: invalid pointer dereference in d2i_PKCS7 functions (CVE-2023-0216) * openssl: NULL dereference validating DSA public key (CVE-2023-0217) * openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) * openssl: NULL dereference during PKCS7 data verification (CVE-2023-0401) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * HMAC generation should reject key lengths < 112 bits or provide an indicator in FIPS mode (BZ#2144000) * In FIPS mode, openssl should set a minimum length for passwords in PBKDF2 (BZ#2144003) * stunnel consumes high amount of memory when pestered with TCP connections without a TLS handshake (BZ#2144008) * In FIPS mode, openssl should reject SHAKE as digest for RSA-OAEP or provide an indicator (BZ#2144010) * In FIPS mode, openssl should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator (BZ#2144012) * In FIPS mode, openssl should reject RSA signatures with X9.31 padding, or provide an indicator (BZ#2144015) * In FIPS mode, openssl should reject SHA-224, SHA-384, SHA-512-224, and SHA-512-256 as hashes for hash-based DRBGs, or provide an indicator after 2023-05-16 (BZ#2144017) * In FIPS mode, openssl should reject KDF input and output key lengths < 112 bits or provide an indicator (BZ#2144019) * In FIPS mode, openssl should reject RSA keys < 2048 bits when using EVP_PKEY_decapsulate, or provide an indicator (BZ#2145170) * AlmaLinux9.1 Nightly[0912] - error:03000093:digital envelope routines::command not supported when git clone is run with configured ibmca engine backed by libica.so.4 (OpenSSL 3.0) (BZ#2149010) * OpenSSL FIPS checksum code needs update (BZ#2158412) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-4203 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0216 CVE-2023-0217 CVE-2023-0286 CVE-2023-0401 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564) * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379) * kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179) * kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * AlmaLinux 9.0: LTP Test failure and crash at fork14 on Sapphire Rapids Platinum 8280+ (BZ#2133083) * AlmaLinux 9.1 Extending NMI watchdog's timer during LPM (BZ#2140085) * AMDSERVER 9.1: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151274) * qla2xxx NVMe-FC: WARNING: CPU: 0 PID: 124072 at drivers/scsi/qla2xxx/qla_init.c:70 qla2xxx_rel_done_warning+0x25/0x30 [qla2xxx] (BZ#2152178) * Regression: Kernel panic on Lenovo T480 with AH40 USB-C docking station (BZ#2153277) * Scheduler Update (almalinux9.2) (BZ#2153792) * AlmaLinux9.1, Nx_Gzip: nr_total_credits is not decremented when processing units are reduced by dlpar in shared mode. (FW1030 / DLPAR) (BZ#2154305) * MSFT, MANA, NET Patch AlmaLinux-9: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155145) * Azure vPCI AlmaLinux-9 add the support of multi-MSI (BZ#2155459) * Azure AlmaLinux-9: VM Deployment Failures Patch Request (BZ#2155930) * The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158815) * AlmaLinux-9.2: Update NVMe driver to sync with upstream v6.0 (BZ#2161344) * CEE cephfs: AlmaLinux9 cephfs client crashing with RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs] (BZ#2161418) * block layer: update with upstream v6.0 (BZ#2162535) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-2873 CVE-2022-3564 CVE-2022-4378 CVE-2022-4379 CVE-2023-0179 The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages. Security Fix(es): * pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-40897 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * Python: CPU denial of service via inefficient IDNA decoder (CVE-2022-45061) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-45061 The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * systemd: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting (CVE-2022-4415) * systemd: deadlock in systemd-coredump via a crash with a long backtrace (CVE-2022-45873) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-4415 CVE-2022-45873 Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es): * vim: no check if the return value of XChangeGC() is NULL (CVE-2022-47024) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-47024 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php (8.0.27). (BZ#2161667) Security Fix(es): * XKCP: buffer overflow in the SHA-3 reference implementation (CVE-2022-37454) * php: standard insecure cookie could be treated as a `__Host-` or `__Secure-` cookie by PHP applications (CVE-2022-31629) * php: OOB read due to insufficient input validation in imageloadfont() (CVE-2022-31630) * php: Due to an integer overflow PDO::quote() may return unquoted string (CVE-2022-31631) * php: phar wrapper can occur dos when using quine gzip file (CVE-2022-31628) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2022-31628 CVE-2022-31629 CVE-2022-31630 CVE-2022-31631 CVE-2022-37454 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001) * httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760) * httpd: mod_proxy: HTTP response splitting (CVE-2022-37436) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * httpd-init fails to create localhost.crt, localhost.key due to "sscg" default now creates a /dhparams.pem and is not idempotent if the file /dhparams.pem already exists. (BZ#2165975) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2006-20001 CVE-2022-36760 CVE-2022-37436 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * sinatra: Reflected File Download attack (CVE-2022-45442) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::resilientstorage CVE-2022-45442 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564) * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) * kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379) * kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179) * kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest AlmaLinux-9.1.z2 Batch (BZ#2160463) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime CVE-2022-2873 CVE-2022-3564 CVE-2022-4378 CVE-2022-4379 CVE-2023-0179 The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fix(es): * libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c (CVE-2021-46822) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb CVE-2021-46822 The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): * gnutls: timing side-channel in the TLS RSA key exchange code (CVE-2023-0361) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * CCM tag length should be limited to known values (BZ#2144535) * In FIPS mode, gnutls should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator (BZ#2144537) * dracut-cmdline[554]: Error in GnuTLS initialization: Error while performing self checks i FIPS mode (BZ#2149640) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-0361 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR. Security Fix(es): * Mozilla: Incorrect code generation during JIT compilation (CVE-2023-25751) * Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 (CVE-2023-28176) * Mozilla: Potential out-of-bounds when accessing throttled streams (CVE-2023-25752) * Mozilla: Invalid downcast in Worklets (CVE-2023-28162) * Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (CVE-2023-28164) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2023-25751 CVE-2023-25752 CVE-2023-28162 CVE-2023-28164 CVE-2023-28176 Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: Arbitrary memory write via PKCS 12 (CVE-2023-0767) Bug Fix(es): * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator. (BZ#2177434) * Need to update FIPS review comments into NSS AlmaLinux-9. (BZ#2177875) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2023-0767 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744) * ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266) * kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest AlmaLinux-9.1.z3 Batch (BZ#2170460) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime CVE-2022-4269 CVE-2022-4744 CVE-2023-0266 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744) * ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266) * kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * AlmaLinux9.0 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127880) * Cgroups_v2, when creating new cgroup/container, resets the cpu affinity masks for all usr processes on the system. (BZ#2143766) * AlmaLinux9.0 - boot: Add secure boot trailer (BZ#2151528) * kernel-rt-debug: WARNING: possible circular locking dependency detected (&n->list_lock->&p->pi_lock->&lock->wait_lock) (BZ#2160614) * Support cpuset.sched_load_balance by changing default CPUset directory structure (BZ#2161105) * AlmaLinux9.0 - s390/kexec: fix ipl report address for kdump (BZ#2166903) * libgpiod doesn't seem to work with Interphase gpiochip (BZ#2166956) * Azure AlmaLinux9 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170227) Enhancement(s): * IBM 9.2 FEAT: Upgrade the QETH driver to latest from upstream, e.g. kernel 6.0 (BZ#2166304) * Intel 9.2 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168382) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-4269 CVE-2022-4744 CVE-2023-0266 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * webpack: avoid cross-realm objects (CVE-2023-28154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::resilientstorage CVE-2023-28154 Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Security Fix(es): * xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability (CVE-2023-1393) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream CVE-2023-1393 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-25690 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest AlmaLinux-9.1.z3 Batch (BZ#2182066) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-0386 PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es): * postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625) * postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-2625 CVE-2022-41862 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: HTTP multi-header compression denial of service (CVE-2023-23916) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-23916 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Update intel_idle for Eaglestream/Sapphire Rapids support (BZ#2168361) * AlmaLinux9: An application stopped on robust futex used via pthread_mutex_lock() (BZ#2168836) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-0386 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Security Fix(es): * MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102) * Mozilla: Fullscreen notification obscured (CVE-2023-29533) * Mozilla: Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535) * Mozilla: Invalid free from JavaScript code (CVE-2023-29536) * Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550) * Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945) * Mozilla: Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539) * Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541) * Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-1945 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930) * OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939) * OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954) * OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967) * OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937) * OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938) * OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * In FIPS mode, the list of cryptographic services and algorithms available is limited to those that are FIPS compliant. It was found that this filtering was too strict and was also excluding service attributes. These attributes are now made available in FIPS mode, as they are in non-FIPS mode. (RHBZ#2186804) * Previously, the XML signature provider was unable to operate in FIPS mode. Following recent enhancements to FIPS mode support, the XML signature provider can now be supported. It is now enabled in FIPS mode. (RHBZ#2186811) * The PKCS#11 provider used by FIPS mode can be supported by different PKCS#11 tokens. It was found that some PKCS#11 tokens may not be initialised fully before use, leading to an exception being thrown by the provider. With this release, this exception is now expected and handled by the FIPS support code. (RHBZ#2186807) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930) * OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939) * OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954) * OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967) * OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937) * OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938) * OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930) * OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939) * OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954) * OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967) * OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937) * OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938) * OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * The RSAPSSSignature implementation works with RSA keys via the SunRSASign provider. However, it did not fully check that the RSA key could be used by the provider before attempting to do so, leading to the possibility of errors being returned with custom security providers. The implementation now validates RSA keys and will allow other providers to handle such keys where it cannot. (RHBZ#2188024) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * WebKitGTK: use-after-free leads to arbitrary code execution (CVE-2023-28205) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-28205 GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news. Security Fix(es): * emacs: command injection vulnerability in org-mode (CVE-2023-28617) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-28617 The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Security Fix(es): * Mozilla: libwebp: Double-free in libwebp (CVE-2023-1999) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-1999 Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (CVE-2022-38023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-38023 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896) * net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461) * hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch (CVE-2021-26341) * malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655) * possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462) * KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789) * use-after-free in free_pipe_info() could lead to privilege escalation (CVE-2022-1882) * KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196) * netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663) * race condition in xfrm_probe_algs can lead to OOB read/write (CVE-2022-3028) * out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c (CVE-2022-3435) * race condition in hugetlb_no_page() in mm/hugetlb.c (CVE-2022-3522) * memory leak in ipv6_renew_options() (CVE-2022-3524) * data races around icsk->icsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566) * data races around sk->sk_prot (CVE-2022-3567) * memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (CVE-2022-3619) * denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry (CVE-2022-3623) * use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625) * USB-accessible buffer overflow in brcmfmac (CVE-2022-3628) * use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c (CVE-2022-3640) * Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed (CVE-2022-3707) * mptcp: NULL pointer dereference in subflow traversal at disconnect time (CVE-2022-4128) * l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference (CVE-2022-4129) * igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets (CVE-2022-20141) * lockdown bypass using IMA (CVE-2022-21505) * double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388) * network backend may cause Linux netfront to use freed SKBs (XSA-405) (CVE-2022-33743) * unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry (CVE-2022-39188) * TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning (CVE-2022-39189) * u8 overflow problem in cfg80211_update_notlisted_nontrans() (CVE-2022-41674) * use-after-free related to leaf anon_vma double reuse (CVE-2022-42703) * use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720) * BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (CVE-2022-42721) * Denial of service in beacon protection for P2P-device (CVE-2022-42722) * memory corruption in usbmon driver (CVE-2022-43750) * NULL pointer dereference in traffic control subsystem (CVE-2022-47929) * NULL pointer dereference in rawv6_push_pending_frames (CVE-2023-0394) * use-after-free due to race condition in qdisc_graft() (CVE-2023-0590) * use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195) * denial of service in tipc_conn_close (CVE-2023-1382) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-26341 CVE-2021-33655 CVE-2022-1462 CVE-2022-1789 CVE-2022-1882 CVE-2022-20141 CVE-2022-21505 CVE-2022-2196 CVE-2022-2663 CVE-2022-28388 CVE-2022-3028 CVE-2022-33743 CVE-2022-3435 CVE-2022-3522 CVE-2022-3524 CVE-2022-3566 CVE-2022-3567 CVE-2022-3619 CVE-2022-3623 CVE-2022-3625 CVE-2022-3628 CVE-2022-3640 CVE-2022-3707 CVE-2022-39188 CVE-2022-39189 CVE-2022-4128 CVE-2022-4129 CVE-2022-41674 CVE-2022-42703 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-42896 CVE-2022-43750 CVE-2022-47929 CVE-2023-0394 CVE-2023-0461 CVE-2023-0590 CVE-2023-1195 CVE-2023-1382 The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): * python-oauthlib: DoS when attacker provides malicious IPV6 URI (CVE-2022-36087) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-36087 Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. The following packages have been upgraded to a later upstream version: qemu-kvm (7.2.0). (BZ#2111769, BZ#2135806) Security Fix(es): * QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion (CVE-2022-3165) * QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record (CVE-2022-4172) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-3165 CVE-2022-4172 EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) * edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation (CVE-2021-38578) * openssl: timing attack in RSA Decryption implementation (CVE-2022-4304) * openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450) * openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-38578 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. Security Fix(es): * freeradius: Information leakage in EAP-PWD (CVE-2022-41859) * freeradius: Crash on unknown option in EAP-SIM (CVE-2022-41860) * freeradius: Crash on invalid abinary data (CVE-2022-41861) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-41859 CVE-2022-41860 CVE-2022-41861 The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-27664 Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): * golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) * golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-27664 CVE-2022-2879 CVE-2022-2880 CVE-2022-41715 CVE-2022-41717 The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): * gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data (CVE-2021-44648) * gdk-pixbuf: heap-based buffer overflow when compositing or clearing frames in GIF files (CVE-2021-46829) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-44648 CVE-2021-46829 Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix(es): * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) * golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-27664 CVE-2022-32189 CVE-2022-41717 X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): * xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550) * xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283) * xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340) * xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341) * xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342) * xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343) * xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344) * xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494) * xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-3550 CVE-2022-3551 CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVE-2023-0494 WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42826) * webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23517) * webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23518) * webkitgtk: buffer overflow issue was addressed with improved memory handling (CVE-2022-32886) * webkitgtk: out-of-bounds write issue was addressed with improved bounds checking (CVE-2022-32888) * webkitgtk: correctness issue in the JIT was addressed with improved checks (CVE-2022-32923) * webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799) * webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2022-42823) * webkitgtk: sensitive information disclosure issue (CVE-2022-42824) * webkitgtk: memory disclosure issue was addressed with improved memory handling (CVE-2022-42852) * webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-42863) * webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42867) * webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46691) * webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692) * webkitgtk: logic issue leading to user information disclosure (CVE-2022-46698) * webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46699) * webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46700) * webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild() (CVE-2023-25358) * webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer() (CVE-2023-25360) * webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling() (CVE-2023-25361) * webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362) * webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 CVE-2022-42826 CVE-2022-42852 CVE-2022-42863 CVE-2022-42867 CVE-2022-46691 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700 CVE-2023-23517 CVE-2023-23518 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363 Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Security Fix(es): * xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283) * xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340) * xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341) * xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342) * xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343) * xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es): * poppler: integer overflow in JBIG2 decoder using malformed files (CVE-2022-38784) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-38784 GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es): * gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header() (CVE-2022-1920) * gstreamer-plugins-good: Heap-based buffer overflow in the avi demuxer when handling certain AVI files (CVE-2022-1921) * gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using zlib decompression (CVE-2022-1922) * gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using bz2 decompression (CVE-2022-1923) * gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using lzo decompression (CVE-2022-1924) * gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using HEADERSTRIP decompression (CVE-2022-1925) * gstreamer-plugins-good: Potential heap overwrite in mp4 demuxing using zlib decompression (CVE-2022-2122) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: processing large delegations may severely degrade resolver performance (CVE-2022-2795) * bind: flooding with UPDATE requests may lead to DoS (CVE-2022-3094) * bind: sending specific queries to the resolver may cause a DoS (CVE-2022-3736) * bind: sending specific queries to the resolver may cause a DoS (CVE-2022-3924) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-2795 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-30629 CVE-2022-41717 The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fix(es): * pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field (CVE-2022-2393) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-2393 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es): * git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765) * git: Bypass of safe.directory protections (CVE-2022-29187) * git: exposure of sensitive information to a malicious actor (CVE-2022-39253) * git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es): * freerdp: clients using `/parallel` command line switch might read uninitialized data (CVE-2022-39282) * freerdp: clients using the `/video` command line switch might read uninitialized data (CVE-2022-39283) * freerdp: out of bounds read in zgfx decoder (CVE-2022-39316) * freerdp: undefined behaviour in zgfx decoder (CVE-2022-39317) * freerdp: division by zero in urbdrc channel (CVE-2022-39318) * freerdp: missing length validation in urbdrc channel (CVE-2022-39319) * freerdp: heap buffer overflow in urbdrc channel (CVE-2022-39320) * freerdp: missing path sanitation with `drive` channel (CVE-2022-39347) * freerdp: missing input length validation in `drive` channel (CVE-2022-41877) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-39282 CVE-2022-39283 CVE-2022-39316 CVE-2022-39317 CVE-2022-39318 CVE-2022-39319 CVE-2022-39320 CVE-2022-39347 CVE-2022-41877 GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news. Security Fix(es): * emacs: ctags local command execution vulnerability (CVE-2022-45939) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-45939 The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es): * unbound: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack) (CVE-2022-3204) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-3204 The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fix(es): * wireshark: f5ethtrailer Infinite loop in legacy style dissector (CVE-2022-3190) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-3190 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php (8.1.14). Security Fix(es): * XKCP: buffer overflow in the SHA-3 reference implementation (CVE-2022-37454) * php: standard insecure cookie could be treated as a '__Host-' or '__Secure-' cookie by PHP applications (CVE-2022-31629) * php: OOB read due to insufficient input validation in imageloadfont() (CVE-2022-31630) * php: PDO::quote() may return unquoted string due to an integer overflow (CVE-2022-31631) * php: phar: infinite loop when decompressing quine gzip file (CVE-2022-31628) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-31628 CVE-2022-31629 CVE-2022-31630 CVE-2022-31631 CVE-2022-37454 The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser. Security Fix(es): * net-snmp: NULL Pointer Exception when handling ipDefaultTTL (CVE-2022-44792) * net-snmp: NULL Pointer Exception when handling pv6IpForwarding (CVE-2022-44793) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-44792 CVE-2022-44793 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896) * net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461) * cpu: AMD CPUs may transiently execute beyond unconditional direct branch (CVE-2021-26341) * malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655) * possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462) * KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789) * use-after-free in free_pipe_info() could lead to privilege escalation (CVE-2022-1882) * KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196) * netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663) * race condition in xfrm_probe_algs can lead to OOB read/write (CVE-2022-3028) * out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c (CVE-2022-3435) * race condition in hugetlb_no_page() in mm/hugetlb.c (CVE-2022-3522) * memory leak in ipv6_renew_options() (CVE-2022-3524) * data races around icsk->icsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566) * data races around sk->sk_prot (CVE-2022-3567) * memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (CVE-2022-3619) * denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry (CVE-2022-3623) * use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625) * USB-accessible buffer overflow in brcmfmac (CVE-2022-3628) * use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c (CVE-2022-3640) * Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed (CVE-2022-3707) * mptcp: NULL pointer dereference in subflow traversal at disconnect time (CVE-2022-4128) * l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference (CVE-2022-4129) * igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets (CVE-2022-20141) * lockdown bypass using IMA (CVE-2022-21505) * double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388) * network backend may cause Linux netfront to use freed SKBs (XSA-405) (CVE-2022-33743) * unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry (CVE-2022-39188) * TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning (CVE-2022-39189) * u8 overflow problem in cfg80211_update_notlisted_nontrans() (CVE-2022-41674) * use-after-free related to leaf anon_vma double reuse (CVE-2022-42703) * use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720) * BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (CVE-2022-42721) * Denial of service in beacon protection for P2P-device (CVE-2022-42722) * memory corruption in usbmon driver (CVE-2022-43750) * NULL pointer dereference in traffic control subsystem (CVE-2022-47929) * NULL pointer dereference in rawv6_push_pending_frames (CVE-2023-0394) * use-after-free due to race condition in qdisc_graft() (CVE-2023-0590) * use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195) * denial of service in tipc_conn_close (CVE-2023-1382) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-26341 CVE-2021-33655 CVE-2022-1462 CVE-2022-1789 CVE-2022-1882 CVE-2022-20141 CVE-2022-21505 CVE-2022-2196 CVE-2022-2663 CVE-2022-28388 CVE-2022-3028 CVE-2022-33743 CVE-2022-3435 CVE-2022-3522 CVE-2022-3524 CVE-2022-3566 CVE-2022-3567 CVE-2022-3619 CVE-2022-3623 CVE-2022-3625 CVE-2022-3628 CVE-2022-3640 CVE-2022-3707 CVE-2022-39188 CVE-2022-39189 CVE-2022-4128 CVE-2022-4129 CVE-2022-41674 CVE-2022-42703 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-42896 CVE-2022-43750 CVE-2022-47929 CVE-2023-0394 CVE-2023-0461 CVE-2023-0590 CVE-2023-1195 CVE-2023-1382 The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fix(es): * device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack (CVE-2022-41973) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-41973 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: Incorrect handling of control code characters in cookies (CVE-2022-35252) * curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-35252 CVE-2022-43552 The fwupd packages provide a service that allows session software to update device firmware. Security Fix(es): * fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287) * shim: 3rd party shim allow secure boot bypass (CVE-2022-34301) * shim: 3rd party shim allow secure boot bypass (CVE-2022-34302) * shim: 3rd party shim allow secure boot bypass (CVE-2022-34303) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-3287 CVE-2022-34301 CVE-2022-34302 CVE-2022-34303 The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es): * dhcp: option refcount overflow when leasequery is enabled leading to dhcpd abort (CVE-2022-2928) * dhcp: DHCP memory leak (CVE-2022-2929) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-2928 CVE-2022-2929 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption (CVE-2022-3358) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-3358 The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es): * libarchive: NULL pointer dereference in archive_write.c (CVE-2022-36227) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-36227 Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). The following packages have been upgraded to a later upstream version: krb5 (1.20.1). (BZ#2016312) Security Fix(es): * Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2020-17049 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql (8.0.32). (BZ#2177731, BZ#2177732) Security Fix(es): * mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2023) (CVE-2023-21912) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21594) * mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2022) (CVE-2022-21599) * mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21604) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21608) * mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21611) * mysql: Server: Connection Handling unspecified vulnerability (CPU Oct 2022) (CVE-2022-21617) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21625) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2022) (CVE-2022-21632) * mysql: Server: Replication unspecified vulnerability (CPU Oct 2022) (CVE-2022-21633) * mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21637) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21640) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39400) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39408) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-39410) * mysql: Server: DML unspecified vulnerability (CPU Jan 2023) (CVE-2023-21836) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21863) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21864) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21865) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21867) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21868) * mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21869) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21870) * mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21871) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21873) * mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2023) (CVE-2023-21875) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21876) * mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21877) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21878) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21879) * mysql: InnoDB unspecified vulnerability (CPU Jan 2023) (CVE-2023-21880) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21881) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21883) * mysql: Server: GIS unspecified vulnerability (CPU Jan 2023) (CVE-2023-21887) * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21917) * mysql: Server: Thread Pooling unspecified vulnerability (CPU Jan 2023) (CVE-2023-21874) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21882) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-21594 CVE-2022-21599 CVE-2022-21604 CVE-2022-21608 CVE-2022-21611 CVE-2022-21617 CVE-2022-21625 CVE-2022-21632 CVE-2022-21633 CVE-2022-21637 CVE-2022-21640 CVE-2022-39400 CVE-2022-39408 CVE-2022-39410 CVE-2023-21836 CVE-2023-21863 CVE-2023-21864 CVE-2023-21865 CVE-2023-21867 CVE-2023-21868 CVE-2023-21869 CVE-2023-21870 CVE-2023-21871 CVE-2023-21873 CVE-2023-21874 CVE-2023-21875 CVE-2023-21876 CVE-2023-21877 CVE-2023-21878 CVE-2023-21879 CVE-2023-21880 CVE-2023-21881 CVE-2023-21882 CVE-2023-21883 CVE-2023-21887 CVE-2023-21912 CVE-2023-21917 GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news. Security Fix(es): * emacs: Regression of CVE-2023-28617 fixes in the AlmaLinux (CVE-2023-2491) * emacs: command execution via shell metacharacters (CVE-2022-48337) * emacs: local command injection in ruby-mode.el (CVE-2022-48338) * emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-48337 CVE-2022-48338 CVE-2022-48339 CVE-2023-2491 Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN). Security Fix(es): * libreswan: remote DoS via crafted TS payload with an incorrect selector length (CVE-2023-23009) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-23009 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es): * openssh: the functions order_hostkeyalgs() and list_hostkey_types() leads to double-free vulnerability (CVE-2023-25136) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-25136 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: FTP too eager connection reuse (CVE-2023-27535) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-27535 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * pcs: webpack: Regression of CVE-2023-28154 fixes in the AlmaLinux (CVE-2023-2319) * rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530) * rubygem-rack: denial of service in header parsing (CVE-2023-27539) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Command 'pcs config checkpoint diff' does not show configuration differences between checkpoints (BZ#2180697) * Need a way to add a scsi fencing device to a cluster without requiring a restart of all cluster resources (BZ#2180704) * [WebUI] fence levels prevent loading of cluster status (BZ#2183180) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-2319 CVE-2023-27530 CVE-2023-27539 WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * WebKitGTK: Regression of CVE-2023-28205 fixes in the AlmaLinux (CVE-2023-2203) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-2203 The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix(es): * kernel: local privilege escalation on Intel microcode on Intel(R) Xeon(R) (CVE-2023-22655) * kernel: Local information disclosure on Intel(R) Atom(R) processors (CVE-2023-28746) * kernel: Local information disclosure in some Intel(R) processors (CVE-2023-38575) * kernel: Possible Denial of Service on Intel(R) Processors (CVE-2023-39368) * kernel: Local information disclosure on Intel(R) Xeon(R) D processors with Intel(R) SGX due to incorrect calculation in microcode (CVE-2023-43490) * intel-microcode: Race conditions in some Intel(R) Processors (CVE-2023-45733) * intel-microcode: Unexpected behavior in Intel(R) Core(TM) Ultra Processors (CVE-2023-46103) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-22655 CVE-2023-28746 CVE-2023-38575 CVE-2023-39368 CVE-2023-43490 CVE-2023-45733 CVE-2023-46103 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (16.19.1), nodejs-nodemon (2.0.20). Security Fix(es): * c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904) * http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881) * Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918) * Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936) * Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920) * Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-25881 CVE-2022-4904 CVE-2023-23918 CVE-2023-23920 CVE-2023-23936 CVE-2023-24807 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Security Fix(es): * Mozilla: Browser prompts could have been obscured by popups (CVE-2023-32205) * Mozilla: Crash in RLBox Expat driver (CVE-2023-32206) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-32207) * Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 (CVE-2023-32215) * Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211) * Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212) * Mozilla: Potential memory corruption in FileReader::DoReadData() (CVE-2023-32213) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32215 The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Security Fix(es): * apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-25147 Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN). Security Fix(es): * libreswan: Regression of CVE-2023-30570 fixes in the AlmaLinux (CVE-2023-2295) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-2295 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es): * git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (CVE-2023-25652) * git: arbitrary configuration injection when renaming or deleting a section from a configuration file (CVE-2023-29007) * git: data exfiltration with maliciously crafted repository (CVE-2023-22490) * git: git apply: a path outside the working tree can be overwritten with crafted input (CVE-2023-23946) * git: malicious placement of crafted messages when git was compiled with runtime prefix (CVE-2023-25815) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-22490 CVE-2023-23946 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): * golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-24540 The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. Security Fix(es): * cups-filters: remote code execution in cups-filters, beh CUPS backend (CVE-2023-24805) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-24805 WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: a use-after-free when processing maliciously crafted web content (CVE-2023-32373) * webkitgtk: an out-of-bounds read when processing malicious content (CVE-2023-28204) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-28204 CVE-2023-32373 The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fix(es): * c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-32067 Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es): * vim: heap-based buffer overflow vulnerability (CVE-2021-3903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-3903 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18. The following packages have been upgraded to a later upstream version: dotnet6.0 (6.0.118). (BZ#2212379) Security Fix(es): * dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331) * dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337) * dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128) * dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-24936 CVE-2023-29331 CVE-2023-29337 CVE-2023-33128 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix(es): * python: urllib.parse url blocklisting bypass (CVE-2023-24329) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-24329 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067) * c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130) * c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147) * c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.12.0 ESR. Security Fix(es): * Mozilla: Click-jacking certificate exceptions through rendering lag (CVE-2023-34414) * Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 (CVE-2023-34416) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-34414 CVE-2023-34416 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.107 and .NET Runtime 7.0.7. The following packages have been upgraded to a later upstream version: dotnet7.0 (7.0.107). (BZ#2211877) Security Fix(es): * dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331) * dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337) * dotnet: Elevation of privilege - TarFile.ExtractToDirectory ignores extraction directory argument (CVE-2023-32032) * dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128) * dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-24936 CVE-2023-29331 CVE-2023-29337 CVE-2023-32032 CVE-2023-33128 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: urllib.parse url blocklisting bypass (CVE-2023-24329) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-24329 The texlive packages contain TeXLive, an implementation of TeX for Linux or UNIX systems. Security Fix(es): * texlive: arbitrary code execution allows document complied with older version (CVE-2023-32700) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-32700 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235) * kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233) * Kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002) * kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124) * kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194) * kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (CVE-2023-28466) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [RT] Single Node Openshift cluster becomes unreachable after running less than 2 hours (BZ#2186853) * kernel-rt: update RT source tree to the latest AlmaLinux-9.2.z1 Batch (BZ#2188313) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-2002 CVE-2023-2124 CVE-2023-2194 CVE-2023-2235 CVE-2023-28466 CVE-2023-32233 PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es): * postgresql: schema_element defeats protective search_path changes (CVE-2023-2454) * postgresql: row security policies disregard user ID changes after inlining. (CVE-2023-2455) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-2454 CVE-2023-2455 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es): * libvirt: Memory leak in virPCIVirtualFunctionList cleanup (CVE-2023-2700) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-2700 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: Possible DoS translating ASN.1 object identifiers (CVE-2023-2650) * openssl: Denial of service by excessive resource usage in verifying X509 policy constraints (CVE-2023-0464) * openssl: Invalid certificate policies in leaf certificates are silently ignored (CVE-2023-0465) * openssl: Certificate policy check not enabled (CVE-2023-0466) * openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM (CVE-2023-1255) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * In FIPS mode, openssl KDFs should only allow selected hash algorithms (BZ#2175860) * In FIPS mode, openssl should reject short KDF input or output keys or provide an indicator (BZ#2175864) * In FIPS mode, openssl should provide an indicator for AES-GCM to query whether the IV was generated internally or provided externally (BZ#2175868) * openssl FIPS mode self-test should zeroize `out` in `verify_integrity` in providers/fips/self_test.c (BZ#2175873) * In FIPS mode, openssl should not support RSA encryption or decryption without padding (outside of RSASVE) or provide an indicator (BZ#2178029) * In FIPS mode, openssl should reject EVP_PKEY_fromdata() for short DHX keys, or provide an indicator (BZ#2178030) * In FIPS mode, openssl should not use the legacy ECDSA_do_sign(), RSA_public_encrypt(), RSA_private_decrypt() functions for pairwise consistency tests (BZ#2178034) * In FIPS mode, openssl should enter error state when DH PCT fails (BZ#2178039) * In FIPS mode, openssl should always run the PBKDF2 lower bounds checks or provide an indicator when the pkcs5 parameter is set to 1 (BZ#2178137) * Support requiring EMS in TLS 1.2, default to it when in FIPS mode (BZ#2188046) * OpenSSL rsa_verify_recover doesn't use the same key checks as rsa_verify in FIPS mode (BZ#2188052) * AlmaLinux9.0 - sshd dumps core when ibmca engine is configured with default_algorithms = CIPHERS or ALL (openssl) (BZ#2211396) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-1255 CVE-2023-2650 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235) * kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233) * Kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002) * kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124) * kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194) * kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (CVE-2023-28466) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Intel QAT Update - (kernel changes) (BZ#2176846) * RPL-P IOTG/RPL-S IOTG: cpu frequency issues (BZ#2178857) * In FIPS mode, kernel does not transition into error state when RCT or APT health tests fail (BZ#2181727) * Kernel BUG in iwlmvm wifi driver when used Mesh systems (BZ#2186723) * Azure AlmaLinux 9 Backport upstream commit 93827a0a36396f2fd6368a54a020f420c8916e9b [KVM: VMX: Fix crash due to uninitialized current_vmcs] (BZ#2186822) * AlmaLinux 9 blktests nvme/047 lead kernel NULL pointer (BZ#2187536) * Single Node Openshift cluster becomes unreachable after running less than 2 hours (BZ#2187709) * kernel[-rt]: task deadline_test:1778 blocked for more than 622 seconds (BZ#2188655) * fix page end in filemap_get_read_batch (BZ#2189349) * AlmaLinux 9.2 hwpoison: data loss when memory error occurs on hugetlb pagecache (BZ#2192348) * wdat_wdt watchdog timeout triggered unexpectedly (BZ#2192585) * ice: high CPU usage with GNSS or ptp4l (BZ#2203154) * AlmaLinux 9 "smpboot: Scheduler frequency invariance went wobbly, disabling!" on nohz_full CPUs after long run (BZ#2203178) * Dying percpu kworkers cause issues on isolated CPUs [almalinux-9] (BZ#2203229) * FJ9.2 Bug: [REG] NFS infinite loop of COMMIT call and NFS4ERR_DELAY reply. (BZ#2203335) * perf errors - "event syntax error: 'unc_p_delayed_c_state_abort_core5'" b'_ value too big for format, maximum is 255' (BZ#2207471) * AlmaLinux 9: Invalid character detected by rpminspect in Documentation/translations/zh_CN/process/magic-number.rst (BZ#2208242) * cifs: backport small patches to bring us close to 9.1 - backport commit aea02fc40a7f cifs: fix wrong unlock before return from cifs_tree_connect (BZ#2209045) * AlmaLinux 9 x86_64, kdump 2nd kernel will randomly panic on "kvm-08-guest25.hv2" (BZ#2210614) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-2002 CVE-2023-2124 CVE-2023-2194 CVE-2023-2235 CVE-2023-28466 CVE-2023-32233 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): * golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) * golang: cmd/go: go command may execute arbitrary code at build time when using cgo (CVE-2023-29404) * golang: cmd/cgo: Arbitratry code execution triggered by linker flags (CVE-2023-29405) * golang: runtime: unexpected behavior of setuid/setgid binaries (CVE-2023-29403) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Critical Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fix(es): * open-vm-tools: authentication bypass vulnerability in the vgauth module (CVE-2023-20867) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Low Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-20867 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The following packages have been upgraded to a later upstream version: dotnet7.0 (SDK 7.0.109, Runtime 7.0.9). (BZ#2219634) Security Fix(es): * dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method (CVE-2023-33170) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-33170 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The following packages have been upgraded to a later upstream version: dotnet6.0 (SDK 6.0.120, Runtime 6.0.20). (BZ#2219640) Security Fix(es): * dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method (CVE-2023-33170) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-33170 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.13.0 ESR. Security Fix(es): * Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201) * Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202) * Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211) * Mozilla: Fullscreen notification obscured (CVE-2023-37207) * Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-37201 CVE-2023-37202 CVE-2023-37207 CVE-2023-37208 CVE-2023-37211 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-1394 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: named's configured cache size limit can be significantly exceeded (CVE-2023-2828) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-2828 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036) * OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041) * OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193) * OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006) * OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2023-07, 11.0.20) [almalinux-9] (BZ#2223100) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22045 CVE-2023-22049 CVE-2023-25193 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036) * OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041) * OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193) * OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006) * OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044) * OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Installing the same java-17-openjdk-headless package on two different systems resulted in distinct classes.jsa files getting generated. This was because the CDS archive was being generated by a post script action of the java-17-openjdk-headless package. This prevented the use of the dynamic dump feature, as the checksum in the archive would be different on each system. This is resolved in this release by using the .jsa files generated during the initial build. (RHBZ#2221653) * Prepare for the next quarterly OpenJDK upstream release (2023-07, 17.0.8) [almalinux-9] (BZ#2222852) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044 CVE-2023-22045 CVE-2023-22049 CVE-2023-25193 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) * OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) [almalinux-9] (BZ#2220662) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-22045 CVE-2023-22049 WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-32435) * webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2023-32439) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-32435 CVE-2023-32439 Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * samba: SMB2 packet signing is not enforced when "server signing = required" is set (CVE-2023-3347) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * The trust relationship between this workstation and the primary domain failed (BZ#2223600) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-3347 The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fix(es): * dnspython: denial of service in stub resolver (CVE-2023-29483) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-29483 GNU nano is a small and friendly text editor. Security Fix(es): * nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file (CVE-2024-5742) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-5742 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs (16.20.1). (BZ#2223334, BZ#2223336, BZ#2223338, BZ#2223340, BZ#2223342, BZ#2223344) Security Fix(es): * nodejs: mainModule.proto bypass experimental policy mechanism (CVE-2023-30581) * nodejs: process interuption due to invalid Public Key information in x509 certificates (CVE-2023-30588) * nodejs: HTTP Request Smuggling via Empty headers separated by CR (CVE-2023-30589) * nodejs: DiffieHellman do not generate keys after setting a private key (CVE-2023-30590) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484) * libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-28484 CVE-2023-29469 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321) * curl: more POST-after-PUT confusion (CVE-2023-28322) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-28321 CVE-2023-28322 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090) * kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788) * kernel: KVM: x86/mmu: race condition in direct_page_fault() (CVE-2022-45869) * kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c (CVE-2023-0458) * kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-45869 CVE-2023-0458 CVE-2023-1998 CVE-2023-3090 CVE-2023-35788 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090) * kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788) * kernel: KVM: x86/mmu: race condition in direct_page_fault() (CVE-2022-45869) * kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c (CVE-2023-0458) * kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-45869 CVE-2023-0458 CVE-2023-1998 CVE-2023-3090 CVE-2023-35788 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es): * openssh: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-38408 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.14.0 ESR. Security Fix(es): * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045) * Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047) * Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048) * Mozilla: Fix potential race conditions when releasing platform objects (CVE-2023-4049) * Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050) * Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 (CVE-2023-4056) * Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1 (CVE-2023-4057) * Mozilla: Cookie jar overflow caused unexpected cookie jar state (CVE-2023-4055) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-4045 CVE-2023-4046 CVE-2023-4047 CVE-2023-4048 CVE-2023-4049 CVE-2023-4050 CVE-2023-4056 CVE-2023-4057 D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fix(es): * dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered (CVE-2023-34969) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-34969 Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix(es): * rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-38497 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10. Security Fix(es): * dotnet: RCE under dotnet commands (CVE-2023-35390) * dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-35390 CVE-2023-38180 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Security Fix(es): * dotnet: RCE under dotnet commands (CVE-2023-35390) * dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-35390 CVE-2023-38180 The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the AlmaLinux entitlement platform. Security Fix(es): * subscription-manager: inadequate authorization of com.AlmaLinux.RHSM1 D-Bus interface allows local users to modify configuration (CVE-2023-3899) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-3899 The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fix(es): * cups: Information leak through Cups-Get-Document operation (CVE-2023-32360) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-32360 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fix(es): * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575) * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577) * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (CVE-2023-4584) * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (CVE-2023-4585) * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) * Mozilla: Full screen notification obscured by external program (CVE-2023-4053) * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (CVE-2023-4578) * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580) * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581) * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-4051 CVE-2023-4053 CVE-2023-4573 CVE-2023-4574 CVE-2023-4575 CVE-2023-4577 CVE-2023-4578 CVE-2023-4580 CVE-2023-4581 CVE-2023-4584 CVE-2023-4585 FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Security Fix(es): * flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder (CVE-2020-22219) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2020-22219 The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw: amd: Cross-Process Information Leak (CVE-2023-20593) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-20593 The kernel packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a later upstream version: kernel (5.14.0). Security Fix(es): * kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390) * kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE (CVE-2023-3610) * kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776) * kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004) * kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free (CVE-2023-4147) * kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248) * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001) * kernel: save/restore speculative MSRs during S3 suspend/resume (CVE-2023-1637) * hw: amd: Cross-Process Information Leak (CVE-2023-20593) * kernel: bypass of shadow stack protection due to a logic error (CVE-2023-21102) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [Intel 9.3 BUG] [SPR][EMR][FHF] ACPI: Fix system hang during S3 wakeup (BZ#2218026) * [Dell 9.2 BUG] Monitor lost after replug WD19TBS to SUT port wiith VGA/DVI to type-C dongle (BZ#2219463) * rtmutex: Incorrect waiter woken when requeueing in rt_mutex_adjust_prio_chain() (BZ#2222121) * AlmaLinux AWS ARM Instability During Microshift e2e tests (BZ#2223310) * AlmaLinux 9.x updates for SEV-SNP guest support (BZ#2224587) * Lock state corruption from nested rtmutex blocking in blk_flush_plug() (BZ#2225623) * bpf_jit_limit hit again - copy_seccomp() fix (BZ#2226945) * libceph: harden msgr2.1 frame segment length checks (BZ#2227070) * Temporary values used for the FIPS integrity test should be zeroized after use (BZ#2227768) * Important iavf bug fixes July 2023 (BZ#2228156) * [i40e/ice] error: Cannot set interface MAC/vlanid to 1e:b7:e2:02:b1:aa/0 for ifname ens4f0 vf 0: Resource temporarily unavailable (BZ#2228158) * lvconvert --splitcache, --uncache operations getting hung (BZ#2228481) * perf: EMR core and uncore PMU support (BZ#2230175) * NVIDIA - Grace: Backport i2c: tegra: Set ACPI node as primary fwnode (BZ#2230483) * NVIDIA - Grace: Backport i2c: tegra: Fix PEC support for SMBUS block read (BZ#2230488) * [Hyper-V][AlmaLinux 9]incomplete fc_transport implementation in storvsc causes null dereference in fc_timed_out() (BZ#2230747) * Kernel config option CONFIG_CRYPTO_STATS should be disabled until it is enhanced (BZ#2231850) * [AlmaLinux 9][Hyper-V]Excessive hv_storvsc driver logging with srb_status SRB_STATUS_INTERNAL_ERROR (0x30) (BZ#2231990) * AlmaLinux-9: WARNING: bad unlock balance detected! (BZ#2232213) * NVIDIA - Grace: Backport drm/ast patch expected for kernel 6.4 (BZ#2232302) * [Lenovo 9.1 bug] AlmaLinux 9 will hang when "echo c > /proc/sysrq-trigger". (BZ#2232700) * [AlmaLinux-9] bz2022169 in /kernel/general/process/reg-suit fails on aarch64 (/proc/[pid]/wchan broken) (BZ#2233928) Enhancement(s): * [Intel 9.3 FEAT] cpufreq: intel_pstate: Enable HWP IO boost for all servers (BZ#2210270) * [Dell 9.3 FEAT] - New MB with AMP Codec Change on Maya Bay (audio driver) (BZ#2218960) * [Lenovo 9.3 FEAT] MDRAID - Update to the latest upstream (BZ#2221170) * [Intel 9.3 FEAT] [EMR] Add EMR support to uncore-frequency driver (BZ#2230169) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-1637 CVE-2023-20593 CVE-2023-21102 CVE-2023-31248 CVE-2023-3390 CVE-2023-35001 CVE-2023-3610 CVE-2023-3776 CVE-2023-4004 CVE-2023-4147 Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities. Security Fix(es): * libcap: Integer Overflow in _libcap_strdup() (CVE-2023-2603) * libcap: Memory Leak on pthread_create() Error (CVE-2023-2602) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-2602 CVE-2023-2603 Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fix(es): * keylime: registrar is subject to a DoS against SSL connections (CVE-2023-38200) * Keylime: challenge-response protocol bypass during agent registration (CVE-2023-38201) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-38200 CVE-2023-38201 The librsvg2 packages provide a Scalable Vector Graphics (SVG) library based on the libart library. Security Fix(es): * librsvg: Arbitrary file read when xinclude href has special characters (CVE-2023-38633) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-38633 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390) * kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE (CVE-2023-3610) * kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776) * kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004) * kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free (CVE-2023-4147) * kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248) * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001) * kernel: save/restore speculative MSRs during S3 suspend/resume (CVE-2023-1637) * hw: amd: Cross-Process Information Leak (CVE-2023-20593) * kernel: bypass of shadow stack protection due to a logic error (CVE-2023-21102) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest AlmaLinux-9.2.z3 Batch (BZ#2228482) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-1637 CVE-2023-20593 CVE-2023-21102 CVE-2023-31248 CVE-2023-3390 CVE-2023-35001 CVE-2023-3610 CVE-2023-3776 CVE-2023-4004 CVE-2023-4147 Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service (CVE-2023-3354) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [qemu-kvm] rhel guest failed boot with multi disks on error Failed to start udev Wait for Complete Device Initialization (BZ#2211923) * [almalinux9.2] hotplug/hotunplug mlx vdpa device to the occupied addr port, then qemu core dump occurs after shutdown guest (BZ#2227721) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-3354 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.122 and .NET Runtime 6.0.22. Security Fix(es): * dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-36799 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.111 and .NET Runtime 7.0.11. Security Fix(es): * dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-36799 The gcc-toolset-14-gcc13 package contains the GNU Compiler Collection version 14. Security Fix(es): * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2020-11023 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.1 ESR. Security Fix(es): * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-4863 The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Security Fix(es): * libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-4863 The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fix(es): * open-vm-tools: SAML token signature bypass (CVE-2023-20900) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-20900 FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts. Security Fix(es): * fontforge: command injection via crafted archives or compressed files (CVE-2024-25082) * fontforge: command injection via crafted filenames (CVE-2024-25081) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-25081 CVE-2024-25082 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Security Fix(es): * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-3600 CVE-2023-5169 CVE-2023-5171 CVE-2023-5176 CVE-2023-5217 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Security Fix(es): * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-3600 CVE-2023-5169 CVE-2023-5171 CVE-2023-5176 CVE-2023-5217 The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911) * glibc: Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) * glibc: potential use-after-free in getaddrinfo() (CVE-2023-4806) * glibc: potential use-after-free in gaih_inet() (CVE-2023-4813) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-4527 CVE-2023-4806 CVE-2023-4813 CVE-2023-4911 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix(es): * python: TLS handshake bypass (CVE-2023-40217) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-40217 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * ghostscript: vulnerable to OS command injection due to mishandles permission validation for pipe devices (CVE-2023-36664) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-36664 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: TLS handshake bypass (CVE-2023-40217) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-40217 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: Permissions policies can be bypassed via Module._load (CVE-2023-32002) * nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() (CVE-2023-32006) * nodejs: Permissions policies can be bypassed via process.binding (CVE-2023-32559) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * nodejs: Rebase to the latest Nodejs 16 release [almalinux-9] (BZ#2236434) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: galera (26.4.14), mariadb (10.5.22). Security Fix(es): * mariadb: node crashes with Transport endpoint is not connected mysqld got signal 6 (CVE-2023-5157) * mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc (CVE-2022-32081) * mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc (CVE-2022-32082) * mariadb: segmentation fault via the component sub_select (CVE-2022-32084) * mariadb: server crash in st_select_lex_unit::exclude_level (CVE-2022-32089) * mariadb: server crash in JOIN_CACHE::free or in copy_fields (CVE-2022-32091) * mariadb: compress_write() fails to release mutex on failure (CVE-2022-38791) * mariadb: NULL pointer dereference in spider_db_mbase::print_warnings() (CVE-2022-47015) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-32081 CVE-2022-32082 CVE-2022-32084 CVE-2022-32089 CVE-2022-32091 CVE-2022-38791 CVE-2022-47015 CVE-2023-5157 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-3341 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-44487 nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-44487 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: segmentation fault in ciMethodBlocks (CVE-2022-40433) * OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067) * OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * A maximum signature file size property, jdk.jar.maxSignatureFileSize, was introduced in the 8u382 release of OpenJDK by JDK-8300596, with a default of 8 MB. This default proved to be too small for some JAR files. This release, 8u392, increases it to 16 MB. (AlmaLinux-13593) * The /usr/bin/jfr alternative is now owned by the java-1.8.0-openjdk package (AlmaLinux-13583) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-40433 CVE-2023-22067 CVE-2023-22081 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): * golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487] (CVE-2023-39325) * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Midstream dist-git patches (BZ#2223637) Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-29409 CVE-2023-39325 CVE-2023-44487 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Additional validity checks in the handling of Zip64 files, JDK-8302483, were introduced in the 11.0.20 release of OpenJDK, causing the use of some valid zip files to now fail with an error. This release, 11.0.20.1, allows for zero-length headers and additional padding produced by some Zip64 creation tools. With both releases, the checks can be disabled using -Djdk.util.zip.disableZip64ExtraFieldValidation=true. (RHBZ#2237175) * A maximum signature file size property, jdk.jar.maxSignatureFileSize, was introduced in the 11.0.20 release of OpenJDK by JDK-8300596, with a default of 8 MB. This default proved to be too small for some JAR files. This release, 11.0.20.1, increases it to 16 MB. * The serviceability agent would print an exception when encountering null addresses while producing thread dumps. These null values are now handled appropriately. (JDK-8243210) * The /usr/bin/jfr alternative is now owned by the java-11-openjdk package (AlmaLinux-13532) * The jcmd tool is now provided by the java-11-openjdk-headless package, rather than java-11-openjdk-devel, to make it more accessible (AlmaLinux-13536) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-22081 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 7.0 to SDK 7.0.112 and Runtime 7.0.12. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-44487 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121) (CVE-2023-22025) * OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Additional validity checks in the handling of Zip64 files, JDK-8302483, were introduced in the 17.0.8 release of OpenJDK, causing the use of some valid zip files to now fail with an error. This release, 17.0.9, allows for zero-length headers and additional padding produced by some Zip64 creation tools. With both releases, the checks can be disabled using -Djdk.util.zip.disableZip64ExtraFieldValidation=true. (RHBZ#2237185) * The /usr/bin/jfr alternative is now owned by the java-17-openjdk package (AlmaLinux-13648) * The jcmd tool is now provided by the java-17-openjdk-headless package, rather than java-17-openjdk-devel, to make it more accessible (AlmaLinux-13651) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-22025 CVE-2023-22081 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155) * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156) * go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158) * Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (CVE-2024-9341) * Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (CVE-2024-9407) * buildah: Buildah allows arbitrary directory mount (CVE-2024-9675) * Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (CVE-2024-9676) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-9341 CVE-2024-9407 CVE-2024-9675 CVE-2024-9676 CVE-2024-34155 CVE-2024-34156 CVE-2024-34158 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: a heap-based buffer overflow in the SOCKS5 proxy handshake (CVE-2023-38545) * curl: cookie injection with none file (CVE-2023-38546) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-38545 CVE-2023-38546 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) A AlmaLinux Security Bulletin which addresses further details about this flaw is available in the References section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-44487 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-44487 The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * httpd: CONTINUATION frames DoS (CVE-2024-27316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-27316 urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying requests and dealing with HTTP redirects. • Support for gzip, deflate, brotli, and zstd encoding. • Proxy support for HTTP and SOCKS. • 100% test coverage. Security Fix(es): * urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-37891 Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-44487 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * php: XML loading external entity without being enabled (CVE-2023-3823) * php: phar Buffer mismanagement (CVE-2023-3824) * php: 1-byte array overrun in common path resolve code (CVE-2023-0568) * php: DoS vulnerability when parsing multipart request body (CVE-2023-0662) * php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247) * php: Password_verify() always return true with some hash (CVE-2023-0567) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-0567 CVE-2023-0568 CVE-2023-0662 CVE-2023-3247 CVE-2023-3823 CVE-2023-3824 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-44487 The rhel9/toolbox container image can be used with Toolbox to obtain AlmaLinux based containerized command line environments to aid with development and software testing. Toolbox is built on top of Podman and other standard container technologies from OCI. This updates the rhel9/toolbox image in the AlmaLinux container registry. To pull this container image, run one of the following commands: podman pull registry.AlmaLinux.io/rhel9/toolbox (authenticated) podman pull registry.access.AlmaLinux.com/ubi9/toolbox (unauthenticated) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-39325 CVE-2023-44487 nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-44487 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.4.0 ESR. Security Fix(es): * Mozilla: Queued up rendering could have allowed websites to clickjack (CVE-2023-5721) * Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4 (CVE-2023-5730) * libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488) * Mozilla: Large WebGL draw could have led to a crash (CVE-2023-5724) * Mozilla: WebExtensions could open arbitrary URLs (CVE-2023-5725) * Mozilla: Improper object tracking during GC in the JavaScript engine could have led to a crash. (CVE-2023-5728) * Mozilla: Address bar spoofing via bidirectional characters (CVE-2023-5732) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-44488 CVE-2023-5721 CVE-2023-5724 CVE-2023-5725 CVE-2023-5728 CVE-2023-5730 CVE-2023-5732 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.124 and .NET Runtime 6.0.24. Security Fix(es): * dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-36799 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.113 and .NET Runtime 7.0.13. Security Fix(es): * dotnet: Denial of Service with Client Certificates using .NET Kestrel (CVE-2023-36799) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-36799 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * Ghostscript: GhostPDL can lead to remote code execution via crafted PostScript documents (CVE-2023-43115) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-43115 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-38900 EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * edk2: Function GetEfiGlobalVariable2() return value not checked in DxeImageVerificationHandler() (CVE-2019-14560) * openssl: Possible DoS translating ASN.1 object identifiers (CVE-2023-2650) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2019-14560 CVE-2023-2650 X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): * xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability (CVE-2023-1393) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-1393 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Virtual environment (venv) activation scripts don't quote paths (CVE-2024-9287) * python: Improper validation of IPv6 and IPvFuture addresses (CVE-2024-11168) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-9287 CVE-2024-11168 LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fix(es): * LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp (CVE-2021-32142) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-32142 Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 (CVE-2025-1017) * firefox: thunderbird: Use-after-free in Custom Highlight (CVE-2025-1010) * firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (CVE-2025-1016) * firefox: thunderbird: Potential opening of private browsing tabs in normal browsing windows (CVE-2025-1013) * firefox: thunderbird: A bug in WebAssembly code generation could result in a crash (CVE-2025-1011) * thunderbird: Unsanitized address book fields (CVE-2025-1015) * firefox: thunderbird: Use-after-free in XSLT (CVE-2025-1009) * thunderbird: Address of e-mail sender can be spoofed by malicious email (CVE-2025-0510) * firefox: thunderbird: Certificate length was not properly checked (CVE-2025-1014) * firefox: thunderbird: Use-after-free during concurrent delazification (CVE-2025-1012) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2025-0510 CVE-2025-1009 CVE-2025-1010 CVE-2025-1011 CVE-2025-1012 CVE-2025-1013 CVE-2025-1014 CVE-2025-1015 CVE-2025-1016 CVE-2025-1017 Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix(es): * go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents (CVE-2022-3064) * golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) * net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723) * golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725) * golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534) * golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536) * golang: html/template: backticks not treated as string delimiters (CVE-2023-24538) * golang: html/template: improper sanitization of CSS values (CVE-2023-24539) * golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400) * golang: net/http: insufficient sanitization of Host header (CVE-2023-29406) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-3064 CVE-2022-41723 CVE-2022-41725 CVE-2023-24534 CVE-2023-24536 CVE-2023-24538 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 CVE-2023-29406 Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. The following packages have been upgraded to a later upstream version: qemu-kvm (8.0.0). (BZ#2180898) Security Fix(es): * QEMU: hcd-ehci: DMA reentrancy issue (incomplete fix for CVE-2021-3750) (CVE-2023-2680) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-2680 Qt is a software toolkit for developing applications. Security Fix(es): * qt: buffer over-read via a crafted reply from a DNS server (CVE-2023-33285) * qt: allows remote attacker to bypass security restrictions caused by flaw in certificate validation (CVE-2023-34410) * qtbase: buffer overflow in QXmlStreamReader (CVE-2023-37369) * qtbase: infinite loops in QXmlStreamReader (CVE-2023-38197) * qt: Uninitialized variable usage in m_unitsPerEm (CVE-2023-32573) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-32573 CVE-2023-33285 CVE-2023-34410 CVE-2023-37369 CVE-2023-38197 The GNU Debugger (GDB) allows users to debug programs written in various programming languages including C, C++, and Fortran. Security Fix(es): * libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c (CVE-2021-3826) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-3826 The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es): * golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724) * runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809) * runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561) * runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration (CVE-2023-28642) * runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration (CVE-2021-43784) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-43784 CVE-2022-41724 CVE-2023-25809 CVE-2023-27561 CVE-2023-28642 Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg). Security Fix(es): * liblouis: buffer overflow in lou_logFile function at logginc.c (CVE-2023-26767) * liblouis: buffer overflow in lou_setDataPath (CVE-2023-26768) * liblouis: buffer overflow in Lou_Trace (CVE-2023-26769) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-26767 CVE-2023-26768 CVE-2023-26769 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd (2.4.57). (BZ#2184403) Security Fix(es): * httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-27522 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a later upstream version: libvirt (9.5.0). (BZ#2175785) Security Fix(es): * libvirt: improper locking in virStoragePoolObjListSearch may lead to denial of service (CVE-2023-3750) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-3750 The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fix(es): * postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-41862 The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fix(es): * wireshark: RTPS dissector crash (CVE-2023-0666) * wireshark: IEEE C37.118 Synchrophasor dissector crash (CVE-2023-0668) * wireshark: Candump log file parser crash (CVE-2023-2855) * wireshark: VMS TCPIPtrace file parser crash (CVE-2023-2856) * wireshark: NetScaler file parser crash (CVE-2023-2858) * wireshark: XRA dissector infinite loop (CVE-2023-2952) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-0666 CVE-2023-0668 CVE-2023-2855 CVE-2023-2856 CVE-2023-2858 CVE-2023-2952 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) * net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723) * golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724) * golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725) * golang.org/x/net/html: Cross site scripting (CVE-2023-3978) * golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534) * golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536) * golang: go/parser: Infinite loop in parsing (CVE-2023-24537) * golang: html/template: backticks not treated as string delimiters (CVE-2023-24538) * golang: html/template: improper sanitization of CSS values (CVE-2023-24539) * containerd: Supplementary groups are not set up properly (CVE-2023-25173) * golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400) * golang: net/http: insufficient sanitization of Host header (CVE-2023-29406) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 CVE-2023-24539 CVE-2023-24540 CVE-2023-25173 CVE-2023-29400 CVE-2023-29406 CVE-2023-3978 The librabbitmq packages provide an Advanced Message Queuing Protocol (AMQP) client library that allows you to communicate with AMQP servers using protocol version 0-9-1. Security Fix(es): * rabbitmq-c/librabbitmq: Insecure credentials submission (CVE-2023-35789) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-35789 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packages have been upgraded to a later upstream version: python3.11 (3.11.5). (BZ#2210785) Security Fix(es): * python: tarfile module directory traversal (CVE-2007-4559) * python: file path truncation at \0 characters (CVE-2023-41105) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2007-4559 CVE-2023-41105 The libX11 packages contain the core X11 protocol client library. Security Fix(es): * libX11: InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow (CVE-2023-3138) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-3138 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es): * libreoffice: Empty entry in Java class path (CVE-2022-38745) * libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950) * libreoffice: Arbitrary file write (CVE-2023-1183) * libreoffice: Remote documents loaded without prompt via IFrame (CVE-2023-2255) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-38745 CVE-2023-0950 CVE-2023-1183 CVE-2023-2255 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. The following packages have been upgraded to a later upstream version: flatpak (1.12.8). (BZ#2221792) Security Fix(es): * flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (CVE-2023-28100) * flatpak: Metadata with ANSI control codes can cause misleading terminal output (CVE-2023-28101) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-28100 CVE-2023-28101 The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): * dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 (CVE-2023-28450) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-28450 WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: arbitrary code execution (CVE-2023-32393) * webkitgtk: bypass Same Origin Policy (CVE-2023-38572) * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-38592) * webkitgtk: arbitrary code execution (CVE-2023-38594) * webkitgtk: arbitrary code execution (CVE-2023-38595) * webkitgtk: arbitrary code execution (CVE-2023-38597) * webkitgtk: arbitrary code execution (CVE-2023-38600) * webkitgtk: arbitrary code execution (CVE-2023-38611) * webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885) * webkitgtk: Same Origin Policy bypass via crafted web content (CVE-2023-27932) * webkitgtk: Website may be able to track sensitive user information (CVE-2023-27954) * webkitgtk: use after free vulnerability (CVE-2023-28198) * webkitgtk: content security policy blacklist failure (CVE-2023-32370) * webkitgtk: disclose sensitive information (CVE-2023-38133) * webkitgtk: track sensitive user information (CVE-2023-38599) * webkitgtk: processing web content may lead to arbitrary code execution (CVE-2023-39434) * webkitgtk: arbitrary javascript code execution (CVE-2023-40397) * webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code (CVE-2023-40451) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 CVE-2023-28198 CVE-2023-32370 CVE-2023-32393 CVE-2023-38133 CVE-2023-38572 CVE-2023-38592 CVE-2023-38594 CVE-2023-38595 CVE-2023-38597 CVE-2023-38599 CVE-2023-38600 CVE-2023-38611 CVE-2023-39434 CVE-2023-40397 CVE-2023-40451 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * ghostscript: buffer overflow in base/sbcp.c leading to data corruption (CVE-2023-28879) * ghostscript: Out-of-bound read in base/gdevdevn.c:1973 in devn_pcx_write_rle could result in DoS (CVE-2023-38559) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-28879 CVE-2023-38559 Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN). Security Fix(es): * libreswan: Invalid IKEv2 REKEY proposal causes restart (CVE-2023-38710) * libreswan: Invalid IKEv1 Quick Mode ID causes restart (CVE-2023-38711) * libreswan: Invalid IKEv1 repeat IKE SA delete causes crash and restart (CVE-2023-38712) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-38710 CVE-2023-38711 CVE-2023-38712 Yet Another JSON Library (YAJL) is a small event-driven (SAX-style) JSON parser written in ANSI C, and a small validating JSON generator. Security Fix(es): * yajl: Memory leak in yajl_tree_parse function (CVE-2023-33460) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-33460 GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application. Security Fix(es): * libmicrohttpd: remote DoS (CVE-2023-27371) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-27371 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998) * tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708) * tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-24998 CVE-2023-28708 CVE-2023-28709 The libqb packages provide a library with the primary purpose of providing high performance client/server reusable features, such as high performance logging, tracing, inter-process communication, and polling. Security Fix(es): * libqb: Buffer overflow in log_blackbox.c (CVE-2023-39976) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-39976 The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi (CVE-2022-27635) * hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi (CVE-2022-40964) * hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) * hw: intel: Improper input validation in some Intel(R) PROSet/Wireless WiFi (CVE-2022-36351) * hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569) * hw: intel: Improper input validation in some Intel(R) PROSet/Wireless WiFi (CVE-2022-38076) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-20569 CVE-2022-27635 CVE-2022-36351 CVE-2022-38076 CVE-2022-40964 CVE-2022-46329 The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fix(es): * cups: heap buffer overflow may lead to DoS (CVE-2023-32324) * cups: use-after-free in cupsdAcceptClient() in scheduler/client.c (CVE-2023-34241) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-32324 CVE-2023-34241 The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fix(es): * protobuf-c: unsigned integer overflow in parse_required_member (CVE-2022-48468) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-48468 GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fix(es): * glib: GVariant offset table entry size is not checked in is_normal() (CVE-2023-29499) * glib: g_variant_byteswap() can take a long time with some non-normal inputs (CVE-2023-32611) * glib: GVariant deserialisation does not match spec for non-normal data (CVE-2023-32665) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-29499 CVE-2023-32611 CVE-2023-32665 The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es): * go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155) * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156) * go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158) * Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (CVE-2024-9341) * Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (CVE-2024-9407) * buildah: Buildah allows arbitrary directory mount (CVE-2024-9675) * Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (CVE-2024-9676) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-9341 CVE-2024-9407 CVE-2024-9675 CVE-2024-9676 CVE-2024-34155 CVE-2024-34156 CVE-2024-34158 The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts. Security Fix(es): * shadow-utils: possible password leak during passwd(1) change (CVE-2023-4641) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-4641 The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. The following packages have been upgraded to a later upstream version: c-ares (1.19.1). (BZ#2210370) Security Fix(es): * c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904) * c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130) * c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147) * c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-4904 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355) * dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-9355 CVE-2024-47875 libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix(es): * libssh: NULL pointer dereference during rekeying with algorithm guessing (CVE-2023-1667) * libssh: authorization bypass in pki_verify_data_signature (CVE-2023-2283) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-1667 CVE-2023-2283 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packages have been upgraded to a later upstream version: python3.9 (3.9.18). (BZ#2210783) Security Fix(es): * python: tarfile module directory traversal (CVE-2007-4559) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2007-4559 The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fix(es): * cups: libppd: remote command injection via attacker controlled data in PPD file () For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Low Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-47175 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (CVE-2024-27399) * kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CVE-2024-38564) * kernel: bpf: Fix a kernel verifier crash in stacksafe() (CVE-2024-45020) * kernel: nfsd: ensure that nfsd4_fattr_args.context is zeroed out (CVE-2024-46697) * kernel: bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (CVE-2024-47675) * kernel: bpf: Fix a sdiv overflow issue (CVE-2024-49888) * kernel: arm64: probes: Remove broken LDR (literal) uprobe support (CVE-2024-50099) * kernel: xfrm: fix one more kernel-infoleak in algo dumping (CVE-2024-50110) * kernel: Bluetooth: SCO: Fix UAF on sco_sock_timeout (CVE-2024-50125) * kernel: Bluetooth: ISO: Fix UAF on iso_sock_timeout (CVE-2024-50124) * kernel: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (CVE-2024-50115) * kernel: xfrm: validate new SA&#39;s prefixlen using SA family when sel.family is unset (CVE-2024-50142) * kernel: Bluetooth: bnep: fix wild-memory-access in proto_unregister (CVE-2024-50148) * kernel: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (CVE-2024-50192) * kernel: Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (CVE-2024-50255) * kernel: sched/numa: Fix the potential null pointer dereference in task_numa_work() (CVE-2024-50223) * kernel: bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-27399 CVE-2024-38564 CVE-2024-45020 CVE-2024-46697 CVE-2024-47675 CVE-2024-49888 CVE-2024-50099 CVE-2024-50110 CVE-2024-50115 CVE-2024-50124 CVE-2024-50125 CVE-2024-50142 CVE-2024-50148 CVE-2024-50192 CVE-2024-50223 CVE-2024-50255 CVE-2024-50262 The gmp packages contain GNU MP, a library for arbitrary precision arithmetics, signed integers operations, rational numbers, and floating point numbers. Security Fix(es): * gmp: Integer overflow and resultant buffer overflow via crafted input (CVE-2021-43618) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-43618 Expat is a C library for parsing XML documents. Security Fix(es): * libexpat: expat: DoS via XML_ResumeParser (CVE-2024-50602) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-50602 Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.18.6). (BZ#2190415) Security Fix(es): * samba: out-of-bounds read in winbind AUTH_CRAP (CVE-2022-2127) * samba: infinite loop in mdssvc RPC service for spotlight (CVE-2023-34966) * samba: type confusion in mdssvc RPC service for spotlight (CVE-2023-34967) * samba: spotlight server-side share path disclosure (CVE-2023-34968) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-2127 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: GSS delegation too eager connection re-use (CVE-2023-27536) * curl: TELNET option IAC injection (CVE-2023-27533) * curl: SFTP path ~ resolving discrepancy (CVE-2023-27534) * curl: SSH connection too eager reuse still (CVE-2023-27538) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-27533 CVE-2023-27534 CVE-2023-27536 CVE-2023-27538 The ncurses (new curses) library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo. Security Fix(es): * ncurses: Local users can trigger security-relevant memory corruption via malformed data (CVE-2023-29491) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-29491 Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es): * krb5: Denial of service through freeing uninitialized pointer (CVE-2023-36054) * krb5: double-free in KDC TGS processing (CVE-2023-39975) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-36054 CVE-2023-39975 OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fix(es): * OpenEXR: Heap Overflow in Scanline Deep Data Parsing (CVE-2023-5841) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-5841 The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix(es): * procps: ps buffer overflow (CVE-2023-4016) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-4016 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201) * kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640) * kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826) * kernel: af_unix: Fix garbage collector racing against connect() (CVE-2024-26923) * kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961) * kernel: scsi: core: Fix unremoved procfs host directory regression (CVE-2024-26935) * kernel: tty: Fix out-of-bound vmalloc access in imageblit (CVE-2021-47383) * kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244) * kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup (CVE-2024-39472) * kernel: netfilter: nft_inner: validate mandatory meta and payload (CVE-2024-39504) * kernel: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CVE-2024-40904) * kernel: mptcp: ensure snd_una is properly initialized on connect (CVE-2024-40931) * kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960) * kernel: ext4: do not create EA inode under buffer lock (CVE-2024-40972) * kernel: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CVE-2024-40977) * kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (CVE-2024-40995) * kernel: ext4: fix uninitialized ratelimit_state-&gt;lock access in __ext4_fill_super() (CVE-2024-40998) * kernel: netpoll: Fix race condition in netpoll_owner_active (CVE-2024-41005) * kernel: xfs: don&#39;t walk off the end of a directory data block (CVE-2024-41013) * kernel: xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014) * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854) * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-47383 CVE-2024-2201 CVE-2024-26640 CVE-2024-26826 CVE-2024-26923 CVE-2024-26935 CVE-2024-26961 CVE-2024-36244 CVE-2024-39472 CVE-2024-39504 CVE-2024-40904 CVE-2024-40931 CVE-2024-40960 CVE-2024-40972 CVE-2024-40977 CVE-2024-40995 CVE-2024-40998 CVE-2024-41005 CVE-2024-41013 CVE-2024-41014 CVE-2024-43854 CVE-2024-45018 The libsoup packages provide an HTTP client and server library for GNOME. Security Fix(es): * libsoup: infinite loop while reading websocket data (CVE-2024-52532) * libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-52530 CVE-2024-52532 Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers. Security Fix(es): * avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket (CVE-2021-3468) * avahi: reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames (CVE-2021-3502) * avahi: avahi-daemon can be crashed via DBus (CVE-2023-1981) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-3468 CVE-2021-3502 CVE-2023-1981 The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fix(es): * libvpx: Integer overflow in vpx_img_alloc() (CVE-2024-5197) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-5197 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * Ghostscript: GhostPDL can lead to remote code execution via crafted PostScript documents (CVE-2023-43115) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-43115 The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fix(es): * OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121) (CVE-2023-22025) * OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Additional validity checks in the handling of Zip64 files, JDK-8302483, were introduced in the 21.0.0 release of OpenJDK, causing the use of some valid zip files to now fail with an error. This release, 21.0.1, allows for zero-length headers and additional padding produced by some Zip64 creation tools. With both releases, the checks can be disabled using -Djdk.util.zip.disableZip64ExtraFieldValidation=true. * A maximum signature file size property, jdk.jar.maxSignatureFileSize, was introduced in the 20.0.0 release of OpenJDK by JDK-8300596, with a default of 8 MB. This default proved to be too small for some JAR files. This release, 20.0.1, increases it to 16 MB. (AlmaLinux-14954) * When Transparent Huge Pages (THP) are unconditionally enabled on a system, Java applications using many threads were found to have a large Resident Set Size (RSS). This was due to a race between the kernel transforming thread stack memory into huge pages and the Java Virtual Machine (JVM) shattering these pages into smaller ones when adding a guard page. This release resolves this issue by getting glibc to insert a guard page and prevent the creation of huge pages. (AlmaLinux-14962) * Installing the same java-21-openjdk-headless package on two different systems resulted in distinct classes.jsa files getting generated. This was because the CDS archive was being generated by a post script action of the java-21-openjdk-headless package. This prevented the use of the dynamic dump feature, because the checksum in the archive would be different on each system. This release resolves this issue by using the .jsa files generated during the initial build. (AlmaLinux-14946) * The /usr/bin/jfr alternative is now owned by the java-21-openjdk package. (AlmaLinux-14959) * The jcmd tool is now provided by the java-21-openjdk-headless package, rather than java-21-openjdk-devel, to make it more accessible. (AlmaLinux-14948) Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-22025 CVE-2023-22081 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser (CVE-2024-10464) * firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (CVE-2024-10461) * firefox: thunderbird: Permission leak via embed or object elements (CVE-2024-10458) * firefox: thunderbird: Use-after-free in layout with accessibility (CVE-2024-10459) * firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 (CVE-2024-10467) * firefox: thunderbird: Clipboard "paste" button persisted across tabs (CVE-2024-10465) * firefox: DOM push subscription message could hang Firefox (CVE-2024-10466) * firefox: thunderbird: Cross origin video frame leak (CVE-2024-10463) * firefox: thunderbird: Origin of permission prompt could be spoofed by long URL (CVE-2024-10462) * firefox: thunderbird: Confusing display of origin for external protocol handler prompt (CVE-2024-10460) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461 CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465 CVE-2024-10466 CVE-2024-10467 Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es): * samba: smbd allows client access to unix domain sockets on the file system as root (CVE-2023-3961) * samba: SMB clients can truncate files with read-only permissions (CVE-2023-4091) * samba: "rpcecho" development server allows denial of service via sleep() call on AD DC (CVE-2023-42669) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-3961 CVE-2023-4091 CVE-2023-42669 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: a heap-based buffer overflow in the SOCKS5 proxy handshake (CVE-2023-38545) * curl: cookie injection with none file (CVE-2023-38546) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-38545 CVE-2023-38546 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546) * kernel: multiple use-after-free vulnerabilities (CVE-2024-1086, CVE-2023-3567, CVE-2023-4133, CVE-2023-6932, CVE-2023-39198, CVE-2023-51043, CVE-2023-51779, CVE-2023-51780, CVE-2024-1085, CVE-2024-26582) * kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555) * kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion (CVE-2022-0480) * kernel: multiple NULL pointer dereference vulnerabilities (CVE-2022-38096, CVE-2023-6622, CVE-2023-6915, CVE-2023-42754, CVE-2023-46862, CVE-2023-52574, CVE-2024-0841, CVE-2023-52448) * kernel: integer overflow in l2cap_config_req() in net/bluetooth/l2cap_core.c (CVE-2022-45934) * kernel: netfilter: nf_tables: out-of-bounds access in nf_tables_newtable() (CVE-2023-6040) * kernel: GC's deletion of an SKB races with unix_stream_read_generic() leading to UAF (CVE-2023-6531) * kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931) * kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses (CVE-2023-24023) * kernel: irdma: Improper access control (CVE-2023-25775) * Kernel: double free in hci_conn_cleanup of the bluetooth subsystem (CVE-2023-28464) * kernel: Bluetooth: HCI: global out-of-bounds access in net/bluetooth/hci_sync.c (CVE-2023-28866) * kernel: race condition between HCIUARTSETPROTO and HCIUARTGETPROTO in hci_uart_tty_ioctl (CVE-2023-31083) * kernel: multiple out-of-bounds read vulnerabilities (CVE-2023-37453, CVE-2023-39189, CVE-2023-39193, CVE-2023-6121, CVE-2023-39194) * kernel: netfilter: race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP (CVE-2023-42756) * kernel: lib/kobject.c vulnerable to fill_kobj_path out-of-bounds write (CVE-2023-45863) * kernel: smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434) * kernel: mm/sparsemem: fix race in accessing memory_section->usage (CVE-2023-52489) * kernel: net: fix possible store tearing in neigh_periodic_work() (CVE-2023-52522) * kernel: multiple memory leak vulnerabilities (CVE-2023-52529, CVE-2023-52581) * kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578) * kernel: net/core: kernel crash in ETH_P_1588 flow dissector (CVE-2023-52580) * kernel: net/sched: act_ct: fix skb leak and crash on ooo frags (CVE-2023-52610) * kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565) * kernel: tls: race between async notify and socket close (CVE-2024-26583) * kernel: tls: handle backlogging of crypto requests (CVE-2024-26584) * kernel: tls: race between tx work scheduling and socket close (CVE-2024-26585) * kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586) * kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593) * kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602) * kernel: netfilter: nf_tables: reject QUEUE/DROP verdict parameters (CVE-2024-26609) * kernel: local dos vulnerability in scatterwalk_copychunks (CVE-2023-6176) * kernel: perf/x86/lbr: Filter vsyscall addresses (CVE-2023-52476) * kernel: netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620) * kernel: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (CVE-2024-26633) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2020-26555 CVE-2022-0480 CVE-2022-38096 CVE-2022-45934 CVE-2023-3567 CVE-2023-4133 CVE-2023-6040 CVE-2023-6121 CVE-2023-6176 CVE-2023-6531 CVE-2023-6546 CVE-2023-6622 CVE-2023-6915 CVE-2023-6931 CVE-2023-6932 CVE-2023-24023 CVE-2023-25775 CVE-2023-28464 CVE-2023-28866 CVE-2023-31083 CVE-2023-37453 CVE-2023-39189 CVE-2023-39193 CVE-2023-39194 CVE-2023-39198 CVE-2023-42754 CVE-2023-42756 CVE-2023-45863 CVE-2023-46862 CVE-2023-51043 CVE-2023-51779 CVE-2023-51780 CVE-2023-52434 CVE-2023-52448 CVE-2023-52450 CVE-2023-52476 CVE-2023-52489 CVE-2023-52522 CVE-2023-52529 CVE-2023-52574 CVE-2023-52578 CVE-2023-52580 CVE-2023-52581 CVE-2023-52597 CVE-2023-52610 CVE-2023-52620 CVE-2024-0565 CVE-2024-0841 CVE-2024-1085 CVE-2024-1086 CVE-2024-25744 CVE-2024-26582 CVE-2024-26583 CVE-2024-26584 CVE-2024-26585 CVE-2024-26586 CVE-2024-26593 CVE-2024-26602 CVE-2024-26609 CVE-2024-26633 CVE-2024-26671 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-44487 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Security Fix(es): * dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand (CVE-2023-36049) * dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms (CVE-2023-36558) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-36049 CVE-2023-36558 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.114 and .NET Runtime 7.0.14. Security Fix(es): * dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand (CVE-2023-36049) * dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms (CVE-2023-36558) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-36049 CVE-2023-36558 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.125 and .NET Runtime 6.0.25. Security Fix(es): * dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand (CVE-2023-36049) * dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms (CVE-2023-36558) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-36049 CVE-2023-36558 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886) * kernel: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (CVE-2021-47548) * kernel: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (CVE-2021-47596) * kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627) * kernel: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (CVE-2023-52638) * kernel: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index (CVE-2024-26783) * kernel: net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (CVE-2024-26858) * kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397) * kernel: nvme: fix reconnection fail due to reserved tag allocation (CVE-2024-27435) * kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958) * kernel: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (CVE-2024-36904) * kernel: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (CVE-2024-38543) * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586) * kernel: net: micrel: Fix receiving the timestamp in the frame for lan8841 (CVE-2024-38593) * kernel: netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270) * kernel: octeontx2-af: avoid off-by-one read from userspace (CVE-2024-36957) * kernel: blk-cgroup: fix list corruption from resetting io stat (CVE-2024-38663) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-47548 CVE-2021-47596 CVE-2022-48627 CVE-2023-52638 CVE-2024-26783 CVE-2024-26858 CVE-2024-27397 CVE-2024-27435 CVE-2024-35958 CVE-2024-36270 CVE-2024-36886 CVE-2024-36904 CVE-2024-36957 CVE-2024-38543 CVE-2024-38586 CVE-2024-38593 CVE-2024-38663 The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fix(es): * open-vm-tools: SAML token signature bypass (CVE-2023-34058) * open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper (CVE-2023-34059) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-34058 CVE-2023-34059 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.5.0 ESR. Security Fix(es): * Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204) * Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205) * Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206) * Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207) * Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212) * Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208) * Mozilla: Incorrect parsing of relative URLs starting with "///" (CVE-2023-6209) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-6204 CVE-2023-6205 CVE-2023-6206 CVE-2023-6207 CVE-2023-6208 CVE-2023-6209 CVE-2023-6212 The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix(es): * apr: integer overflow/wraparound in apr_encode (CVE-2022-24963) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-24963 WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-42917 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-39615 The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): * python-certifi: Removal of e-Tugra root certificate (CVE-2023-37920) * python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-37920 CVE-2023-43804 The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es): * golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409) * golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321) * golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-29409 CVE-2023-39321 CVE-2023-39322 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409) * golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318) * golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319) * golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321) * golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-29409 CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es): * postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869) * postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868) * postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417) * postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2023 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-39417 CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.6.0. Security Fix(es): * Mozilla: Heap-buffer-overflow affecting WebGL <code>DrawElementsInstanced</code> method with Mesa VM driver (CVE-2023-6856) * Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864) * Mozilla: S/MIME signature accepted despite mismatching message date (CVE-2023-50761) * Mozilla: Truncated signed text was shown with a valid OpenPGP signature (CVE-2023-50762) * Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857) * Mozilla: Heap buffer overflow in <code>nsTextFragment</code> (CVE-2023-6858) * Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859) * Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation (CVE-2023-6860) * Mozilla: Heap buffer overflow affected <code>nsWindow::PickerOpen(void)</code> in headless mode (CVE-2023-6861) * Mozilla: Use-after-free in <code>nsDNSService</code> (CVE-2023-6862) * Mozilla: Undefined behavior in <code>ShutdownObserver()</code> (CVE-2023-6863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-50761 CVE-2023-50762 CVE-2023-6856 CVE-2023-6857 CVE-2023-6858 CVE-2023-6859 CVE-2023-6860 CVE-2023-6861 CVE-2023-6862 CVE-2023-6863 CVE-2023-6864 Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Security Fix(es): * xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367) * xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377) * xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-5367 CVE-2023-6377 CVE-2023-6478 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.6.0 ESR. Security Fix(es): * Mozilla: Heap-buffer-overflow affecting WebGL <code>DrawElementsInstanced</code> method with Mesa VM driver (CVE-2023-6856) * Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864) * Mozilla: Potential exposure of uninitialized data in <code>EncryptingOutputStream</code> (CVE-2023-6865) * Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857) * Mozilla: Heap buffer overflow in <code>nsTextFragment</code> (CVE-2023-6858) * Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859) * Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation (CVE-2023-6860) * Mozilla: Heap buffer overflow affected <code>nsWindow::PickerOpen(void)</code> in headless mode (CVE-2023-6861) * Mozilla: Use-after-free in <code>nsDNSService</code> (CVE-2023-6862) * Mozilla: Clickjacking permission prompts using the popup transition (CVE-2023-6867) * Mozilla: Undefined behavior in <code>ShutdownObserver()</code> (CVE-2023-6863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-6856 CVE-2023-6857 CVE-2023-6858 CVE-2023-6859 CVE-2023-6860 CVE-2023-6861 CVE-2023-6862 CVE-2023-6863 CVE-2023-6864 CVE-2023-6865 CVE-2023-6867 Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: timing attack against RSA decryption (CVE-2023-5388) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-5388 AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * ipa: Invalid CSRF protection (CVE-2023-5455) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-5455 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.115 and .NET Runtime 7.0.15. Security Fix(es): * dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056) * dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057) * dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-0056 CVE-2024-0057 CVE-2024-21319 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1. Security Fix(es): * dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056) * dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057) * dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-0056 CVE-2024-0057 CVE-2024-21319 WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: data isolation bypass vulnerability (CVE-2024-44309) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-44309 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26. Security Fix(es): * dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056) * dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057) * dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-0056 CVE-2024-0057 CVE-2024-21319 The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fix(es): * OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918) * OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952) * OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919) * OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921) * OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20945 CVE-2024-20952 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918) * OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952) * OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919) * OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921) * OpenJDK: arbitrary Java code execution in Nashorn (8314284) (CVE-2024-20926) * OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * In the previous release in October 2023 (8u392), the RPMs on AlmaLinux 8 were changed to use Provides for java, jre, java-headless, jre-headless, java-devel and java-sdk which included the full RPM version. This prevented the Provides being used to resolve a dependency on Java 1.8.0 (for example, "Requires: java-headless 1:1.8.0"). This change has now been reverted to the old "1:1.8.0" value. (AlmaLinux-19636, AlmaLinux-19637) Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20926 CVE-2024-20945 CVE-2024-20952 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918) * OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952) * OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919) * OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921) * OpenJDK: arbitrary Java code execution in Nashorn (8314284) (CVE-2024-20926) * OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20926 CVE-2024-20945 CVE-2024-20952 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918) * OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123) (CVE-2024-20932) * OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952) * OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919) * OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921) * OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * When Transparent Huge Pages (THP) are unconditionally enabled on a system, Java applications using many threads were found to have a large Resident Set Size (RSS). This was due to a race between the kernel transforming thread stack memory into huge pages and the Java Virtual Machine (JVM) shattering these pages into smaller ones when adding a guard page. This release resolves this issue by getting glibc to insert a guard page and prevent the creation of huge pages. (AlmaLinux-13930, AlmaLinux-13931, AlmaLinux-13934, AlmaLinux-13935) Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20932 CVE-2024-20945 CVE-2024-20952 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: Incorrect cipher key and IV length processing (CVE-2023-5363) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-5363 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * php: 1-byte array overrun in common path resolve code (CVE-2023-0568) * php: DoS vulnerability when parsing multipart request body (CVE-2023-0662) * php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247) * php: XML loading external entity without being enabled (CVE-2023-3823) * php: phar Buffer mismanagement (CVE-2023-3824) * php: Password_verify() always return true with some hash (CVE-2023-0567) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-0567 CVE-2023-0568 CVE-2023-0662 CVE-2023-3247 CVE-2023-3823 CVE-2023-3824 The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fix(es): * rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937) * rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938) * rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-35937 CVE-2021-35938 CVE-2021-35939 SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. Security Fix(es): * sqlite: heap-buffer-overflow at sessionfuzz (CVE-2023-7104) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-7104 The tuned packages provide a service that tunes system settings according to a selected profile. Security Fix(es): * tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root (CVE-2024-52336) * tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method (CVE-2024-52337) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-52336 CVE-2024-52337 The bzip2 packages contain a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. Security Fix(es): * bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail). (CVE-2019-12900) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2019-12900 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: nftables: nft_set_rbtree skip end interval element from gc (CVE-2024-26581) * kernel: netfilter: nft_limit: reject configurations that cause integer overflow (CVE-2024-26668) * kernel: vfio/pci: Lock external INTx masking ops (CVE-2024-26810) * kernel: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (CVE-2024-26855) * kernel: x86/xen: Add some null pointer checking to smp.c (CVE-2024-26908) * kernel: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (CVE-2024-26925) * kernel: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020) * kernel: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (CVE-2024-27019) * kernel: netfilter: flowtable: validate pppoe header (CVE-2024-27016) * kernel: netfilter: bridge: confirm multicast packets before passing them up the stack (CVE-2024-27415) * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839) * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898) * kernel: netfilter: nf_tables: discard table flag update with pending basechain deletion (CVE-2024-35897) * kernel: netfilter: validate user input for expected length (CVE-2024-35896) * kernel: netfilter: complete validation of user input (CVE-2024-35962) * kernel: ice: fix LAG and VF lock dependency in ice_reset_vf() (CVE-2024-36003) * kernel: cxl/port: Fix delete_endpoint() vs parent unregistration race (CVE-2023-52771) * kernel: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (CVE-2023-52880) * kernel: scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (CVE-2024-36025) * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608) * kernel: crypto: bcm - Fix pointer arithmetic (CVE-2024-38579) * kernel: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (CVE-2024-38544) * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540) * kernel: net: bridge: xmit: make sure we have at least eth header len bytes (CVE-2024-38538) * kernel: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (CVE-2024-39476) * kernel: ipv6: fix possible race in __fib6_drop_pcpu_from() (CVE-2024-40905) * kernel: wifi: cfg80211: Lock wiphy in cfg80211_get_station (CVE-2024-40911) * kernel: wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (CVE-2024-40912) * kernel: mm/huge_memory: don&#39;t unpoison huge_zero_folio (CVE-2024-40914) * kernel: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (CVE-2024-40929) * kernel: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail (CVE-2024-40939) * kernel: wifi: iwlwifi: mvm: don&#39;t read past the mfuart notifcation (CVE-2024-40941) * kernel: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (CVE-2024-40957) * kernel: scsi: qedi: Fix crash while reading debugfs attribute (CVE-2024-40978) * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983) * kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090) * kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091) * kernel: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (CVE-2024-41041) * kernel: NFSv4: Fix memory leak in nfs4_set_security_label (CVE-2024-41076) * kernel: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (CVE-2024-42110) * kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment (CVE-2024-42152) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-52771 CVE-2023-52880 CVE-2024-26581 CVE-2024-26668 CVE-2024-26810 CVE-2024-26855 CVE-2024-26908 CVE-2024-26925 CVE-2024-27016 CVE-2024-27019 CVE-2024-27020 CVE-2024-27415 CVE-2024-35839 CVE-2024-35896 CVE-2024-35897 CVE-2024-35898 CVE-2024-35962 CVE-2024-36003 CVE-2024-36025 CVE-2024-38538 CVE-2024-38540 CVE-2024-38544 CVE-2024-38579 CVE-2024-38608 CVE-2024-39476 CVE-2024-40905 CVE-2024-40911 CVE-2024-40912 CVE-2024-40914 CVE-2024-40929 CVE-2024-40939 CVE-2024-40941 CVE-2024-40957 CVE-2024-40978 CVE-2024-40983 CVE-2024-41041 CVE-2024-41076 CVE-2024-41090 CVE-2024-41091 CVE-2024-42110 CVE-2024-42152 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple (CVE-2023-27043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-27043 The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix(es): * grub2: bypass the GRUB password protection feature (CVE-2023-4001) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-4001 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080) * tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794) * tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795) * tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-41080 CVE-2023-42794 CVE-2023-42795 CVE-2023-45648 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-6232 Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the "python3.12-" prefix. Security Fix(es): * python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-6232 The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): * gnutls: timing side-channel in the RSA-PSK authentication (CVE-2023-5981) * gnutls: incomplete fix for CVE-2023-5981 (CVE-2024-0553) * gnutls: rejects certificate chain with distributed trust (CVE-2024-0567) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-5981 CVE-2024-0553 CVE-2024-0567 Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Security Fix(es): * xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816) * xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229) * xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885) * xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-6816 CVE-2024-0229 CVE-2024-21885 CVE-2024-21886 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.7.0. Security Fix(es): * Mozilla: Out of bounds write in ANGLE (CVE-2024-0741) * Mozilla: Failure to update user input timestamp (CVE-2024-0742) * Mozilla: Crash when listing printers on Linux (CVE-2024-0746) * Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747) * Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750) * Mozilla: Privilege escalation through devtools (CVE-2024-0751) * Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753) * Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-0741 CVE-2024-0742 CVE-2024-0746 CVE-2024-0747 CVE-2024-0749 CVE-2024-0750 CVE-2024-0751 CVE-2024-0753 CVE-2024-0755 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.7.0 ESR. Security Fix(es): * Mozilla: Out of bounds write in ANGLE (CVE-2024-0741) * Mozilla: Failure to update user input timestamp (CVE-2024-0742) * Mozilla: Crash when listing printers on Linux (CVE-2024-0746) * Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747) * Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750) * Mozilla: Privilege escalation through devtools (CVE-2024-0751) * Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753) * Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-0741 CVE-2024-0742 CVE-2024-0746 CVE-2024-0747 CVE-2024-0749 CVE-2024-0750 CVE-2024-0751 CVE-2024-0753 CVE-2024-0755 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2025-30204 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Local information disclosure on Intel(R) Atom(R) processors (CVE-2023-28746) * kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow (CVE-2024-27403) * kernel: Revert &#34;net/mlx5: Block entering switchdev mode with ns inconsistency&#34; (CVE-2023-52658) * kernel: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (CVE-2024-35989) * kernel: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47385) * kernel: mptcp: ensure snd_nxt is properly initialized on connect (CVE-2024-36889) * kernel: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (CVE-2024-36978) * kernel: net/mlx5: Add a timeout to acquire the command queue semaphore (CVE-2024-38556) * kernel: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (CVE-2024-39483) * kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502) * kernel: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CVE-2024-40959) * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079) * kernel: sched: act_ct: take care of padding in struct zones_ht_key (CVE-2024-42272) * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-47385 CVE-2023-28746 CVE-2023-52658 CVE-2024-27403 CVE-2024-35989 CVE-2024-36889 CVE-2024-36978 CVE-2024-38556 CVE-2024-39483 CVE-2024-39502 CVE-2024-40959 CVE-2024-42079 CVE-2024-42272 CVE-2024-42284 The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es): * runc: file descriptor leak (CVE-2024-21626) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-21626 The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fix(es): * gimp: dds buffer overflow RCE (CVE-2023-44441) * gimp: PSD buffer overflow RCE (CVE-2023-44442) * gimp: psp integer overflow RCE (CVE-2023-44443) * gimp: psp off-by-one RCE (CVE-2023-44444) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-44441 CVE-2023-44442 CVE-2023-44443 CVE-2023-44444 Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: vulnerable to Minerva side-channel information leak (CVE-2023-6135) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-6135 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.116 and .NET Runtime 7.0.16. Security Fix(es): * dotnet: Denial of Service in SignalR server (CVE-2024-21386) * dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-21386 CVE-2024-21404 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.127 and .NET Runtime 6.0.27. Security Fix(es): * dotnet: Denial of Service in SignalR server (CVE-2024-21386) * dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-21386 CVE-2024-21404 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.102 and .NET Runtime 8.0.2. Security Fix(es): * dotnet: Denial of Service in SignalR server (CVE-2024-21386) * dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-21386 CVE-2024-21404 PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es): * postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-0985 PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es): * postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-0985 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.8.0 ESR. Security Fix(es): * Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546) * Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547) * Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553) * Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548) * Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549) * Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550) * Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551) * Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-1546 CVE-2024-1547 CVE-2024-1548 CVE-2024-1549 CVE-2024-1550 CVE-2024-1551 CVE-2024-1552 CVE-2024-1553 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fix(es): * Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546) * Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547) * Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553) * Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548) * Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549) * Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550) * Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551) * Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-1546 CVE-2024-1547 CVE-2024-1548 CVE-2024-1549 CVE-2024-1550 CVE-2024-1551 CVE-2024-1552 CVE-2024-1553 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) * CVE-2024-25743 hw: amd: Instruction raise #VC exception at exit (AMD-SN-3008,CVE-2024-25742,CVE-2024-25743) Bug Fix(es): * ffdhe* algortihms introduced in 0a2e5b909023 as .fips_allowed=1 lack pairwise consistency tests (JIRA:AlmaLinux-27009) * mm/mglru: fix underprotected page cache (JIRA:AlmaLinux-29235) * [EMR] [TBOOT OS] SUT could not go to S3 state with AlmaLinux 9.2 Tboot OS One CPU return -16 running BUSY (JIRA:AlmaLinux-29673) * system hangs completely - NMI not possible (JIRA:AlmaLinux-30678) * ice 0000:6f:00.0: PTP failed to get time (JIRA:AlmaLinux-30110) Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-5090 CVE-2023-6240 CVE-2024-25742 CVE-2024-25743 The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es): * bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387) * bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-50387 CVE-2023-50868 EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * edk2: Buffer overflow in the DHCPv6 client via a long Server ID option (CVE-2023-45230) * edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (CVE-2023-45234) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-45230 CVE-2023-45234 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-46218 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es): * ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795) * openssh: potential command injection via shell metacharacters (CVE-2023-51385) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-48795 CVE-2023-51385 The golang packages provide the Go programming language compiler. Security Fix(es): * golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) * golang: cmd/go: Protocol Fallback when fetching modules (CVE-2023-45285) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-39326 CVE-2023-45285 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-46589 Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fix(es): * keylime: Attestation failure when the quote's signature does not validate (CVE-2023-3674) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Low Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-3674 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. Security Fix(es): * mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911) * mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933) * mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982) * mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962) * mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953) * mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21955) * mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966) * mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972) * mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980) * mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057) * mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008) * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112) * mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033) * mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046) * mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053, CVE-2023-22054, CVE-2023-22056) * mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058) * mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114) * mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111) * mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115) * mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-2097, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982) * mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964) * mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967) * mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981) * mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983) * mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984) * mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985) * zstd: mysql: buffer overrun in util.c (CVE-2022-4899) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038) * mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048) * mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113) Bug Fix(es): * Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (AlmaLinux-22454) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-4899 CVE-2023-21911 CVE-2023-21919 CVE-2023-21920 CVE-2023-21929 CVE-2023-21933 CVE-2023-21935 CVE-2023-21940 CVE-2023-21945 CVE-2023-21946 CVE-2023-21947 CVE-2023-21953 CVE-2023-21955 CVE-2023-21962 CVE-2023-21966 CVE-2023-21972 CVE-2023-21976 CVE-2023-21977 CVE-2023-21980 CVE-2023-21982 CVE-2023-22005 CVE-2023-22007 CVE-2023-22008 CVE-2023-22032 CVE-2023-22033 CVE-2023-22038 CVE-2023-22046 CVE-2023-22048 CVE-2023-22053 CVE-2023-22054 CVE-2023-22056 CVE-2023-22057 CVE-2023-22058 CVE-2023-22059 CVE-2023-22064 CVE-2023-22065 CVE-2023-22066 CVE-2023-22068 CVE-2023-22070 CVE-2023-22078 CVE-2023-22079 CVE-2023-22084 CVE-2023-22092 CVE-2023-22097 CVE-2023-22103 CVE-2023-22104 CVE-2023-22110 CVE-2023-22111 CVE-2023-22112 CVE-2023-22113 CVE-2023-22114 CVE-2023-22115 CVE-2024-20960 CVE-2024-20961 CVE-2024-20962 CVE-2024-20963 CVE-2024-20964 CVE-2024-20965 CVE-2024-20966 CVE-2024-20967 CVE-2024-20968 CVE-2024-20969 CVE-2024-20970 CVE-2024-20971 CVE-2024-20972 CVE-2024-20973 CVE-2024-20974 CVE-2024-20976 CVE-2024-20977 CVE-2024-20978 CVE-2024-20981 CVE-2024-20982 CVE-2024-20983 CVE-2024-20984 CVE-2024-20985 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643) * kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642) * kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (CVE-2024-26673) * kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804) Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-26642 CVE-2024-26643 CVE-2024-26673 CVE-2024-26804 CVE-2024-35890 The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki packages also bring a software token implementation that can be used without any cryptographic hardware. These packages contain the Slot Daemon (pkcsslotd) and general utilities. Security Fix(es): * opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) (CVE-2024-0914) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-0914 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735) * kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-26735 CVE-2024-26993 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.117 and .NET Runtime 7.0.17. Security Fix(es): * dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-21392 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3. Security Fix(es): * dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-21392 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (CVE-2023-52626) * kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801) * kernel: crypto: qat - resolve race condition during AER recovery (CVE-2024-26974) * kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393) * kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667) * kernel: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870) * kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960) * kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly (CVE-2021-47400) Bug Fix(es): * cifs - kernel panic with cifs_put_smb_ses (JIRA:AlmaLinux-28943) * BUG: unable to handle page fault for address: ff16bf752f593ff8 [almalinux-9.4.z] (JIRA:AlmaLinux-35672) * [HPE 9.4 Bug] Request merge of AMD address translation library patch series [almalinux-9.4.z] (JIRA:AlmaLinux-36220) * [AlmaLinux9] kernel BUG at lib/list_debug.c:51! [almalinux-9.4.z] (JIRA:AlmaLinux-36687) * ice: DPLL-related fixes [almalinux-9.4.z] (JIRA:AlmaLinux-36716) * CNB95: net/sched: update TC core to upstream v6.8 [almalinux-9.4.z] (JIRA:AlmaLinux-37641) * IPv6: SR: backport fixes from upstream [almalinux-9.4.z] (JIRA:AlmaLinux-37669) * [RFE] Backport tmpfs noswap mount option [almalinux-9.4.z] (JIRA:AlmaLinux-38252) * Isolated cores causing issues on latest AlmaLinux9.4 kernel and not functioning as desired. [almalinux-9.4.z] (JIRA:AlmaLinux-38595) * [ice] Add automatic VF reset on Tx MDD events [almalinux-9.4.z] (JIRA:AlmaLinux-39083) * [HPEMC AlmaLinux 9.4 REGRESSION] turbostat: turbostat broken on 10+ sockets. [almalinux-9.4.z] (JIRA:AlmaLinux-34953) * bnx2x: fix crashes in PCI error handling, resource leaks [almalinux-9.4.z] (JIRA:AlmaLinux-43272) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-47400 CVE-2023-52626 CVE-2023-52667 CVE-2024-26801 CVE-2024-26974 CVE-2024-27393 CVE-2024-35870 CVE-2024-35960 The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): * dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387) * dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-50387 CVE-2023-50868 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es): * CVE-2023-6186 libreoffice: various flaws (JIRA:AlmaLinux-20657) * CVE-2023-6185 libreoffice: various flaws (JIRA:AlmaLinux-20657) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-6185 CVE-2023-6186 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: block: null pointer dereference in ioctl.c when length and logical block size are misaligned (CVE-2023-52458) * kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (CVE-2024-26773) * kernel: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (CVE-2024-26737) * kernel: dm: call the resume method on internal suspend (CVE-2024-26880) * kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (CVE-2024-26852) * kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982) * kernel: nfp: flower: handle acti_netdevs allocation failure (CVE-2024-27046) * kernel: octeontx2-af: Use separate handlers for interrupts (CVE-2024-27030) * kernel: icmp: prevent possible NULL dereferences from icmp_build_probe() (CVE-2024-35857) * kernel: mlxbf_gige: call request_irq() after NAPI initialized (CVE-2024-35907) * kernel: mlxbf_gige: stop interface during shutdown (CVE-2024-35885) * kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (CVE-2023-52809) * kernel: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (CVE-2021-47459) * kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (CVE-2024-36924) * kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (CVE-2024-36952) * kernel: net: amd-xgbe: Fix skb data length underflow (CVE-2022-48743) * kernel: epoll: be better about file lifetimes (CVE-2024-38580) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-47459 CVE-2022-48743 CVE-2023-52458 CVE-2023-52809 CVE-2024-26737 CVE-2024-26773 CVE-2024-26852 CVE-2024-26880 CVE-2024-26982 CVE-2024-27030 CVE-2024-27046 CVE-2024-35857 CVE-2024-35885 CVE-2024-35907 CVE-2024-36924 CVE-2024-36952 CVE-2024-38580 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-22019 The golang packages provide the Go programming language compiler. Security Fix(es): * golang: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-1394 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.9.1 ESR. Security Fix(es): * nss: timing attack against RSA decryption (CVE-2023-5388) * Mozilla: Crash in NSS TLS method (CVE-2024-0743) * Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607) * Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608) * Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616) * Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610) * Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611) * Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612) * Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614) * Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Critical Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-5388 CVE-2024-0743 CVE-2024-2607 CVE-2024-2608 CVE-2024-2610 CVE-2024-2611 CVE-2024-2612 CVE-2024-2614 CVE-2024-2616 CVE-2024-29944 grafana-pcp is an open source Grafana plugin for PCP. Security Fix(es): * grafana-pcp: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-1394 Expat is a C library for parsing XML documents. Security Fix(es): * expat: parsing large tokens can trigger a denial of service (CVE-2023-52425) * expat: XML Entity Expansion (CVE-2024-28757) Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-52425 CVE-2024-28757 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (AlmaLinux-29052) Security Fix(es): * ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) * ruby: ReDoS vulnerability in URI (CVE-2023-28755) * ruby: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617) * ruby: ReDoS vulnerability in Time (CVE-2023-28756) Bug Fix(es): * ruby/rubygem-irb: IRB has hard dependency on rubygem-rdoc (AlmaLinux-29048) * ruby: Ruby cannot read private key in FIPS mode on AlmaLinux 9 (AlmaLinux-12437) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-33621 CVE-2023-28755 CVE-2023-28756 CVE-2023-36617 Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fix(es): * pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass (CVE-2024-10963) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-10963 The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es): * podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile (CVE-2024-11218) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-11218 Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): * varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-30156 The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es): * A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. The default combination of the "control-use-cert: no" option with either explicit or implicit use of an IP address in the "control-interface" option could allow improper access. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged local process to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. To mitigate the vulnerability, a new file "/etc/unbound/conf.d/remote-control.conf" has been added and included in the main unbound configuration file, "unbound.conf". The file contains two directives that should limit access to unbound.conf: control-interface: "/run/unbound/control" control-use-cert: "yes" For details about these directives, run "man unbound.conf". Updating to the version of unbound provided by this advisory should, in most cases, address the vulnerability. To verify that your configuration is not vulnerable, use the "unbound-control status | grep control" command. If the output contains "control(ssl)" or "control(namedpipe)", your configuration is not vulnerable. If the command output returns only "control", the configuration is vulnerable because it does not enforce access only to the unbound group members. To fix your configuration, add the line "include: /etc/unbound/conf.d/remote-control.conf" to the end of the file "/etc/unbound/unbound.conf". If you use a custom "/etc/unbound/conf.d/remote-control.conf" file, add the new directives to this file. (CVE-2024-1488) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-1488 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868) * bind: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387) * bind: Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516) * bind: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution (CVE-2023-5679) * bind: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled (CVE-2023-5517) * bind: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-4408 CVE-2023-50387 CVE-2023-50868 CVE-2023-5517 CVE-2023-5679 CVE-2023-6516 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011) * OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068) * OpenJDK: Pack200 excessive memory allocation (8322114) (CVE-2024-21085) * OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507) (CVE-2024-21094) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-21011 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011) * OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068) * OpenJDK: Pack200 excessive memory allocation (8322114) (CVE-2024-21085) * OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507) (CVE-2024-21094) * OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708) (CVE-2024-21012) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011) * OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068) * OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507) (CVE-2024-21094) * OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708) (CVE-2024-21012) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21094 The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fix(es): * OpenJDK: long Exception message leading to crash (8319851) (CVE-2024-21011) * OpenJDK: integer overflow in C1 compiler address generation (8322122) (CVE-2024-21068) * OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708) (CVE-2024-21012) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): * gnutls: vulnerable to Minerva side-channel information leak (CVE-2024-28834) * gnutls: potential crash during chain building/verification (CVE-2024-28835) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-28834 CVE-2024-28835 The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fix(es): * shim: RCE in http boot support may lead to Secure Boot bypass (CVE-2023-40547) * shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems (CVE-2023-40548) * shim: Out-of-bounds read printing error messages (CVE-2023-40546) * shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file (CVE-2023-40549) * shim: Out-of-bound read in verify_buffer_sbat() (CVE-2023-40550) * shim: out of bounds read when parsing MZ binaries (CVE-2023-40551) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.10.0 ESR. Security Fix(es): * GetBoundName in the JIT returned the wrong object (CVE-2024-3852) * Out-of-bounds-read after mis-optimized switch statement (CVE-2024-3854) * Incorrect JITting of arguments led to use-after-free during garbage collection (CVE-2024-3857) * Permission prompt input delay could expire when not in focus (CVE-2024-2609) * Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (CVE-2024-3859) * Potential use-after-free due to AlignedBuffer self-move (CVE-2024-3861) * Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (CVE-2024-3864) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-2609 CVE-2024-3852 CVE-2024-3854 CVE-2024-3857 CVE-2024-3859 CVE-2024-3861 CVE-2024-3864 The golang packages provide the Go programming language compiler. Security Fix(es): * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-45288 Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN). Security Fix(es): * libreswan: Missing PreSharedKey for connection can cause crash (CVE-2024-2357) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-2357 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) * rubygem-rack: Possible DoS Vulnerability with Range Header in Rack (CVE-2024-26141) * rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing (CVE-2024-26146) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-25126 CVE-2024-26141 CVE-2024-26146 Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): * osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-2307 WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414) * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852) * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213) * webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745) * webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359) * webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928) * webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983) * webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883) * webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890) * webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2014-1745 CVE-2023-32359 CVE-2023-39928 CVE-2023-40414 CVE-2023-41983 CVE-2023-42852 CVE-2023-42883 CVE-2023-42890 CVE-2024-23206 CVE-2024-23213 Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest() (CVE-2023-3019) * QEMU: VNC: infinite loop in inflate_buffer() leads to denial of service (CVE-2023-3255) * QEMU: improper IDE controller reset can lead to MBR overwrite (CVE-2023-5088) * QEMU: VNC: NULL pointer dereference in qemu_clipboard_request() (CVE-2023-6683) * QEMU: am53c974: denial of service due to division by zero (CVE-2023-42467) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-3019 CVE-2023-3255 CVE-2023-42467 CVE-2023-5088 CVE-2023-6683 LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fix(es): * LibRaw: a heap-buffer-overflow in raw2image_ex() (CVE-2023-1729) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-1729 The libX11 packages contain the core X11 protocol client library. Security Fix(es): * libX11: out-of-bounds memory access in _XkbReadKeySyms() (CVE-2023-43785) * libX11: stack exhaustion from infinite recursion in PutSubImage() (CVE-2023-43786) * libX11: integer overflow in XCreateImage() leading to a heap overflow (CVE-2023-43787) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-43785 CVE-2023-43786 CVE-2023-43787 X.Org X11 libXpm runtime library. Security Fix(es): * libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) * libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-43788 CVE-2023-43789 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile (CVE-2024-11218) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2025 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-11218 AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * freeipa: specially crafted HTTP requests potentially lead to denial of service (CVE-2024-1481) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-1481 Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix(es): * golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318) * golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319) * golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-39318 CVE-2023-39319 CVE-2023-39326 X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): * xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367) * xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377) * xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478) * xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816) * xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229) * xorg-x11-server: SELinux unlabeled GLX PBuffer (CVE-2024-0408) * xorg-x11-server: SELinux context corruption (CVE-2024-0409) * xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885) * xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886) * xorg-x11-server: Use-after-free bug in DestroyWindow (CVE-2023-5380) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-5367 CVE-2023-5380 CVE-2023-6377 CVE-2023-6478 CVE-2023-6816 CVE-2024-0229 CVE-2024-0408 CVE-2024-0409 CVE-2024-21885 CVE-2024-21886 The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es): * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630) * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632) * golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2023-45287 libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fix(es): * libsndfile: integer overflow in src/mat4.c and src/au.c leads to DoS (CVE-2022-33065) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-33065 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) * golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-39326 CVE-2023-45287 The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes. Security Fix(es): * pmix: race condition allows attackers to obtain ownership of arbitrary files (CVE-2023-41915) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-41915 Network Block Device (NBD) is a protocol for accessing Block Devices (hard disks and disk-like devices) over a Network. The libnbd is a userspace client library for writing NBD clients. Security Fix(es): * libnbd: Malicious NBD server may crash libnbd (CVE-2023-5871) * libnbd: Crash or misbehaviour when NBD server returns an unexpected block size (CVE-2023-5215) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-5215 CVE-2023-5871 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es): * freerdp: Incorrect offset calculation leading to DOS (CVE-2023-39350) * freerdp: Null Pointer Dereference leading DOS in RemoteFX (CVE-2023-39351) * freerdp: invalid offset validation leading to Out Of Bound Write (CVE-2023-39352) * freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (CVE-2023-39356) * freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface (CVE-2023-40186) * freerdp: Out-of-bounds write in clear_decompress_bands_data (CVE-2023-40567) * freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations (CVE-2023-40569) * freerdp: buffer overflow in ncrush_decompress causes crash with crafted input (CVE-2023-40589) * freerdp: missing offset validation leading to Out Of Bound Read (CVE-2023-39353) * freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data (CVE-2023-39354) * freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (CVE-2023-40181) * freerdp: Out-of-bounds read in general_LumaToYUV444 (CVE-2023-40188) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-39350 CVE-2023-39351 CVE-2023-39352 CVE-2023-39353 CVE-2023-39354 CVE-2023-39356 CVE-2023-40181 CVE-2023-40186 CVE-2023-40188 CVE-2023-40567 CVE-2023-40569 CVE-2023-40589 Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): * pcp: unsafe use of directories allows pcp to root privilege escalation (CVE-2023-6917) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-6917 The motif packages include the Motif shared libraries needed to run applications which are dynamically linked against Motif, as well as MWM, the Motif Window Manager. Security Fix(es): * libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) * libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-43788 CVE-2023-43789 Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): * perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-47038 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es): * libvirt: NULL pointer dereference in udevConnectListAllInterfaces() (CVE-2024-2496) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-2496 Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Security Fix(es): * ansible-core: possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration (CVE-2024-0690) Bug Fix(es): * Update ansible-core to 2.14.14 (JIRA:AlmaLinux-23783) Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-0690 EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235) * EDK2: heap buffer overflow in Tcg2MeasureGptTable() (CVE-2022-36763) * EDK2: heap buffer overflow in Tcg2MeasurePeImage() (CVE-2022-36764) * edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message (CVE-2023-45229) * edk2: Out of Bounds read when handling a ND Redirect message with truncated options (CVE-2023-45231) * edk2: Infinite loop when parsing unknown options in the Destination Options header (CVE-2023-45232) * edk2: Infinite loop when parsing a PadN option in the Destination Options header (CVE-2023-45233) * openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-36763 CVE-2022-36764 CVE-2023-3446 CVE-2023-45229 CVE-2023-45231 CVE-2023-45232 CVE-2023-45233 CVE-2023-45235 Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fix(es): * qt: incorrect integer overflow check (CVE-2023-51714) * qtbase: potential buffer overflow when reading KTX images (CVE-2024-25580) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-51714 CVE-2024-25580 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-31122 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple (CVE-2023-27043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-27043 The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fix(es): * libjpeg-turbo: heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c (CVE-2021-29390) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-29390 Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Security Fix(es): * xorg-x11-server: Use-after-free bug in DamageDestroy (CVE-2023-5574) * xorg-x11-server: Use-after-free bug in DestroyWindow (CVE-2023-5380) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-5380 CVE-2023-5574 GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins. Security Fix(es): * gstreamer-plugins-base: heap overwrite in subtitle parsing (CVE-2023-37328) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-37328 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: phy: (CVE-2024-26600) * kernel: netfilter: multiple flaws (CVE-2024-26808, CVE-2024-27065, CVE-2024-35899, CVE-2024-36005) * kernel: cifs: (CVE-2024-26828) * kernel: wifi: multiple flaws (CVE-2024-26897, CVE-2024-27052, CVE-2024-27049, CVE-2023-52651, CVE-2024-35789, CVE-2024-27434, CVE-2024-35845, CVE-2024-35937, CVE-2024-36941, CVE-2024-36922, CVE-2024-36921, CVE-2024-38575) * kernel: nfs: (CVE-2024-26868) * kernel: igc: (CVE-2024-26853) * kernel: dmaengine/idxd: (CVE-2024-21823) * kernel: ipv6: multiple flaws (CVE-2024-27417, CVE-2024-35969, CVE-2024-36903, CVE-2024-40961) * kernel: vt: (CVE-2024-35823) * kernel: efi: (CVE-2024-35800) * kernel: mlxsw: (CVE-2024-35852) * kernel: eeprom: (CVE-2024-35848) * kernel: ice: (CVE-2024-35911) * kernel: platform/x86: (CVE-2023-52864) * kernel: i40e: (CVE-2024-36020) * kernel: rtnetlink: (CVE-2024-36017) * kernel: net: multiple flaws (CVE-2024-36929, CVE-2024-36971, CVE-2021-47606, CVE-2024-38558, CVE-2024-40928, CVE-2024-40954) * kernel: ipvlan: (CVE-2024-33621) * kernel: tcp: (CVE-2024-37356) * kernel: virtio: (CVE-2024-37353) * kernel: tls: (CVE-2024-36489) * kernel: cxl/region: (CVE-2024-38391) * kernel: bonding: (CVE-2024-39487) * kernel: netns: (CVE-2024-40958) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-47606 CVE-2023-52651 CVE-2023-52864 CVE-2024-21823 CVE-2024-26600 CVE-2024-26808 CVE-2024-26828 CVE-2024-26853 CVE-2024-26868 CVE-2024-26897 CVE-2024-27049 CVE-2024-27052 CVE-2024-27065 CVE-2024-27417 CVE-2024-27434 CVE-2024-33621 CVE-2024-35789 CVE-2024-35800 CVE-2024-35823 CVE-2024-35845 CVE-2024-35848 CVE-2024-35852 CVE-2024-35899 CVE-2024-35911 CVE-2024-35937 CVE-2024-35969 CVE-2024-36005 CVE-2024-36017 CVE-2024-36020 CVE-2024-36489 CVE-2024-36903 CVE-2024-36921 CVE-2024-36922 CVE-2024-36929 CVE-2024-36941 CVE-2024-36971 CVE-2024-37353 CVE-2024-37356 CVE-2024-38391 CVE-2024-38558 CVE-2024-38575 CVE-2024-39487 CVE-2024-40928 CVE-2024-40954 CVE-2024-40958 CVE-2024-40961 GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es): * gstreamer-plugins-good: integer overflow leading to heap overwrite in FLAC image tag handling (CVE-2023-37327) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-37327 MinGW (Minimalist GNU for Windows) is a free and open source software development environment to create Microsoft Windows applications. Security Fix(es): * binutils: Heap-buffer-overflow binutils-gdb/bfd/libbfd.c in bfd_getl64 (CVE-2023-1579) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-1579 HarfBuzz is an implementation of the OpenType Layout engine. Security Fix(es): * harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-25193 Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers. Security Fix(es): * avahi: Reachable assertion in avahi_dns_packet_append_record (CVE-2023-38469) * avahi: Reachable assertion in avahi_escape_label (CVE-2023-38470) * avahi: Reachable assertion in dbus_set_host_name (CVE-2023-38471) * avahi: Reachable assertion in avahi_rdata_parse (CVE-2023-38472) * avahi: Reachable assertion in avahi_alternative_host_name (CVE-2023-38473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-38469 CVE-2023-38470 CVE-2023-38471 CVE-2023-38472 CVE-2023-38473 Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fix(es): * pam: allowing unprivileged user to block another user namespace (CVE-2024-22365) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-22365 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (CVE-2023-2975) * openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446) * OpenSSL: Excessive time spent checking DH q parameter value (CVE-2023-3817) * openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678) * openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129) * openssl: Excessive time spent checking invalid RSA public keys (CVE-2023-6237) * openssl: denial of service via null dereference (CVE-2024-0727) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-2975 CVE-2023-3446 CVE-2023-3817 CVE-2023-5678 CVE-2023-6129 CVE-2023-6237 CVE-2024-0727 The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix(es): * grub2: grub2-set-bootflag can be abused by local (pseudo-)users (CVE-2024-1048) * grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code execution (CVE-2023-4692) * grub2: out-of-bounds read at fs/ntfs.c (CVE-2023-4693) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-4692 CVE-2023-4693 CVE-2024-1048 The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fix(es): * python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-49083 The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes (CVE-2023-7008) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-7008 libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix(es): * libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (CVE-2023-6004) * libssh: Missing checks for return values for digests (CVE-2023-6918) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-6004 CVE-2023-6918 The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fix(es): * file: stack-based buffer over-read in file_copystr in funcs.c (CVE-2022-48554) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-48554 GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fix(es): * glib: GVariant offset table entry size is not checked in is_normal() (CVE-2023-29499) * glib: g_variant_byteswap() can take a long time with some non-normal inputs (CVE-2023-32611) * glib: Timeout in fuzz_variant_text (CVE-2023-32636) * glib: GVariant deserialisation does not match spec for non-normal data (CVE-2023-32665) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Low Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-29499 CVE-2023-32611 CVE-2023-32636 CVE-2023-32665 The zziplib is a lightweight library to easily extract data from zip files. Security Fix(es): * zziplib: invalid memory access at zzip_disk_entry_to_file_header in mmapped.c (CVE-2020-18770) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2020-18770 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463) * kernel: nfsd: fix RELEASE_LOCKOWNER (CVE-2024-26629) * kernel: mm: cachestat: fix folio read-after-free in cache walk (CVE-2024-26630) * kernel: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (CVE-2024-26720) * kernel: Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886) * kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946) * kernel: KVM: SVM: Flush pages under kvm-&gt;lock to fix UAF in svm_register_enc_region() (CVE-2024-35791) * kernel: mm: cachestat: fix two shmem bugs (CVE-2024-35797) * kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875) * kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000) * kernel: iommufd: Fix missing update of domains_itree after splitting iopt_area (CVE-2023-52801) * kernel: net: fix out-of-bounds access in ops_init (CVE-2024-36883) * kernel: regmap: maple: Fix cache corruption in regcache_maple_drop() (CVE-2024-36019) * kernel: usb-storage: alauda: Check whether the media is initialized (CVE-2024-38619) * kernel: net: bridge: mst: fix vlan use-after-free (CVE-2024-36979) * kernel: scsi: qedf: Ensure the copied buf is NUL terminated (CVE-2024-38559) * kernel: xhci: Handle TD clearing for multiple streams case (CVE-2024-40927) * kernel: cxl/region: Fix memregion leaks in devm_cxl_add_region() (CVE-2024-40936) * kernel: net/sched: Fix UAF when resolving a clash (CVE-2024-41040) * kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044) * kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055) * kernel: PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096) * kernel: xdp: Remove WARN() from __xdp_reg_mem_model() (CVE-2024-42082) * kernel: x86: stop playing stack games in profile_pc() (CVE-2024-42096) * kernel: Revert &#34;mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again&#34; (CVE-2024-42102) * kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131) * kernel: nvme: avoid double free special payload (CVE-2024-41073) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-52463 CVE-2023-52801 CVE-2024-26629 CVE-2024-26630 CVE-2024-26720 CVE-2024-26886 CVE-2024-26946 CVE-2024-35791 CVE-2024-35797 CVE-2024-35875 CVE-2024-36000 CVE-2024-36019 CVE-2024-36883 CVE-2024-36979 CVE-2024-38559 CVE-2024-38619 CVE-2024-40927 CVE-2024-40936 CVE-2024-41040 CVE-2024-41044 CVE-2024-41055 CVE-2024-41073 CVE-2024-41096 CVE-2024-42082 CVE-2024-42096 CVE-2024-42102 CVE-2024-42131 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: * podman: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786) * podman: buildah: full container escape at build time (CVE-2024-1753) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fixes: * liveness probe not called by podman when using httpGet (JIRA:AlmaLinux-28633) * Unable to copy image from one virtual machine to another using "podman image scp" (JIRA:AlmaLinux-28629) * [v4.9] Backport two docker CLI compatibility fixes (JIRA:AlmaLinux-28636) * Issue in podman causing S2I to fail in overwriting ENTRYPOINT (JIRA:AlmaLinux-14922) * Need to backport podman fix for SIGSEGV in AlmaLinux 9.3/8.9 for UBI based containers (JIRA:AlmaLinux-26843) Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-1753 CVE-2024-24786 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868) * bind: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387) * bind: Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516) * bind: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution (CVE-2023-5679) * bind: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled (CVE-2023-5517) * bind: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408) Bug Fix(es): * bind-dyndb-ldap: rebuilt to adapt ABI changes in bind For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-4408 CVE-2023-50387 CVE-2023-50868 CVE-2023-5517 CVE-2023-5679 CVE-2023-6516 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: uio: Fix use-after-free in uio_open (CVE-2023-52439) * kernel: net/sched: act_mirred: don't override retval if we already lost the skb (CVE-2024-26739) * kernel: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses (CVE-2024-26947) * kernel: scsi: qla2xxx: Fix command flush on cable pull (CVE-2024-26931) * kernel: scsi: qla2xxx: Fix double free of the ha-&gt;vp_map pointer (CVE-2024-26930) * kernel: scsi: qla2xxx: Fix double free of fcport (CVE-2024-26929) * kernel: fork: defer linking file vma until vma is fully initialized (CVE-2024-27022) * kernel: KVM: x86/mmu: x86: Don&#39;t overflow lpage_info when checking attributes (CVE-2024-26991) * kernel: bpf, sockmap: Prevent lock inversion deadlock in map delete elem (CVE-2024-35895) * kernel: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (CVE-2024-36016) * kernel: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (CVE-2024-36899) * kernel: cpufreq: exit() callback is optional (CVE-2024-38615) * kernel: ring-buffer: Fix a race between readers and resize checks (CVE-2024-38601) * kernel: cppc_cpufreq: Fix possible null pointer dereference (CVE-2024-38573) * kernel: gfs2: Fix potential glock use-after-free on unmount (CVE-2024-38570) * kernel: wifi: nl80211: Avoid address calculations via out of bounds array indexing (CVE-2024-38562) * kernel: Input: cyapa - add missing input core locking to suspend/resume functions (CVE-2023-52884) * kernel: ACPICA: Revert &#34;ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.&#34; (CVE-2024-40984) * kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing (CVE-2024-41071) * kernel: wifi: mt76: replace skb_put with skb_put_zero (CVE-2024-42225) * kernel: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (CVE-2024-42246) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-52439 CVE-2023-52884 CVE-2024-26739 CVE-2024-26929 CVE-2024-26930 CVE-2024-26931 CVE-2024-26947 CVE-2024-26991 CVE-2024-27022 CVE-2024-35895 CVE-2024-36016 CVE-2024-36899 CVE-2024-38562 CVE-2024-38570 CVE-2024-38573 CVE-2024-38601 CVE-2024-38615 CVE-2024-40984 CVE-2024-41071 CVE-2024-42225 CVE-2024-42246 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fixes: * libvirt: off-by-one error in udevListInterfacesByStatus() (CVE-2024-1441) * libvirt: negative g_new0 length can lead to unbounded memory allocation (CVE-2024-2494) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fixes: * libvirt: off-by-one error in udevListInterfacesByStatus() [almalinux-9] (JIRA:AlmaLinux-25081) * libvirt: negative g_new0 length can lead to unbounded memory allocation [almalinux-9] (JIRA:AlmaLinux-29515) Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-1441 CVE-2024-2494 The golang packages provide the Go programming language compiler. Security Fix(es): * golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) * golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289) * golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783) * golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784) * golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785) * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-45288 CVE-2023-45289 CVE-2023-45290 CVE-2024-1394 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785 Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN). Security Fix(es): * libreswan: Missing PreSharedKey for connection can cause crash (CVE-2024-2357) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-2357 Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): * pcp: exposure of the redis server backend allows remote command execution via pmproxy (CVE-2024-3019) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-3019 Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) * grafana: vulnerable to authorization bypass (CVE-2024-1313) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-1313 CVE-2024-1394 grafana-pcp is an open source Grafana plugin for PCP. Security Fix(es): * grafana-pcp: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-1394 The gnutls package provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): * gnutls: vulnerable to Minerva side-channel information leak (CVE-2024-28834) * gnutls: potential crash during chain building/verification (CVE-2024-28835) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-28834 CVE-2024-28835 The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix(es): * sssd: Race condition during authorization leads to GPO policies functioning inconsistently (CVE-2023-3758) Bug Fix(es): * socket leak (JIRA:AlmaLinux-22340) * Passkey cannot fall back to password (JIRA:AlmaLinux-28161) * sssd: Race condition during authorization leads to GPO policies functioning inconsistently (JIRA:AlmaLinux-27209) Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-3758 Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Security Fix(es): * xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) * xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081) * xorg-x11-server: User-after-free in ProcRenderAddGlyphs (CVE-2024-31083) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-31080 CVE-2024-31081 CVE-2024-31083 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-25062 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5. Security Fix(es): * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-30045 CVE-2024-30046 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19. Security Fix(es): * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-30045 CVE-2024-30046 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025) * nodejs: CONTINUATION frames DoS (CVE-2024-27983) * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-22025 CVE-2024-25629 CVE-2024-27982 CVE-2024-27983 CVE-2024-28182 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) * firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768) * firefox: Cross-origin responses could be distinguished between script and non-script content-types (CVE-2024-4769) * firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770) * firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 (CVE-2024-4777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-4367 CVE-2024-4767 CVE-2024-4768 CVE-2024-4769 CVE-2024-4770 CVE-2024-4777 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: CONTINUATION frames DoS (CVE-2024-27983) * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025) * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-22025 CVE-2024-25629 CVE-2024-27982 CVE-2024-27983 CVE-2024-28182 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es) and Enhancement(s): * Rebase tomcat to version 9.0.87 (JIRA:AlmaLinux-34815) * Amend tomcat's changelog so that fixed CVEs are mentioned explicitly (JIRA:AlmaLinux-35328) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-23672 CVE-2024-24549 The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (CVE-2024-2961) * glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599) * glibc: null pointer dereferences after failed netgroup cache insertion (CVE-2024-33600) * glibc: netgroup cache may terminate daemon on memory allocation failure (CVE-2024-33601) * glibc: netgroup cache assumes NSS callback uses in-buffer strings (CVE-2024-33602) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Security Fix(es): * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-28182 The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one (granted) site at a time. Security Fix(es): * booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (CVE-2024-3049) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-3049 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (AlmaLinux-35449) Security Fix(es): * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-27280 CVE-2024-27281 CVE-2024-27282 AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * freeipa: delegation rules allow a proxy service to impersonate any user to access another target service (CVE-2024-2698) * freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force (CVE-2024-3183) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-2698 CVE-2024-3183 The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): * jinja2: accepts keys containing non-attribute characters (CVE-2024-34064) Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-34064 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: * podman: jose-go: improper handling of highly compressed data (CVE-2024-28180) * podman: golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) * podman: jose: resource exhaustion (CVE-2024-28176) Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-45290 CVE-2024-28176 CVE-2024-28180 A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fix(es): * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-45290 The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): * gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-48622 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es): * libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185) * libreoffice: Insufficient macro permission validation leading to macro execution (CVE-2023-6186) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-6185 CVE-2023-6186 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): * 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657) * 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c (CVE-2024-2199) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-2199 CVE-2024-3657 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.0). (AlmaLinux-35740) Security Fix(es): * ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) * ruby: ReDoS vulnerability in URI (CVE-2023-28755) * ruby: ReDoS vulnerability in Time (CVE-2023-28756) * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2021-33621 CVE-2023-28755 CVE-2023-28756 CVE-2024-27280 CVE-2024-27281 CVE-2024-27282 Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): * cockpit: command injection when deleting a sosreport with a crafted name (CVE-2024-2947) Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-2947 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.12.0 ESR. Security Fix(es): * firefox: Use-after-free in networking (CVE-2024-5702) * firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688) * firefox: External protocol handlers leaked by timing attack (CVE-2024-5690) * firefox: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691) * firefox: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693) * firefox: Memory Corruption in Text Fragments (CVE-2024-5696) * firefox: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-5688 CVE-2024-5690 CVE-2024-5691 CVE-2024-5693 CVE-2024-5696 CVE-2024-5700 CVE-2024-5702 The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es): * golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786) Bug Fix(es): * TRIAGE CVE-2024-24786 skopeo: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [almalinux-9] - AlmaLinux 9.4 0day (JIRA:AlmaLinux-28235) * skopeo: jose-go: improper handling of highly compressed data [almalinux-9] (JIRA:AlmaLinux-28736) Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-24786 CVE-2024-28180 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-32462 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-6597 CVE-2024-0450 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es): * git: Recursive clones RCE (CVE-2024-32002) * git: RCE while cloning local repos (CVE-2024-32004) * git: additional local RCE (CVE-2024-32465) * git: insecure hardlinks (CVE-2024-32020) * git: symlink bypass (CVE-2024-32021) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fix(es): * dogtag ca: token authentication bypass vulnerability (CVE-2023-4727) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-4727 The golang packages provide the Go programming language compiler. Security Fix(es): * golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789) * golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-24789 CVE-2024-24790 Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * qemu-kvm: QEMU: 'qemu-img info' leads to host file read/write (CVE-2024-4467) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-4467 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es): * openssh: Possible remote code execution due to a race condition in signal handling (CVE-2024-6387) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-6387 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-1394 A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fix(es): * golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-1394 The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): * urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-37891 Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser (CVE-2024-10464) * firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (CVE-2024-10461) * firefox: thunderbird: Permission leak via embed or object elements (CVE-2024-10458) * firefox: thunderbird: Use-after-free in layout with accessibility (CVE-2024-10459) * firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 (CVE-2024-10467) * firefox: thunderbird: Clipboard "paste" button persisted across tabs (CVE-2024-10465) * firefox: DOM push subscription message could hang Firefox (CVE-2024-10466) * firefox: thunderbird: Cross origin video frame leak (CVE-2024-10463) * firefox: thunderbird: Origin of permission prompt could be spoofed by long URL (CVE-2024-10462) * firefox: thunderbird: Confusing display of origin for external protocol handler prompt (CVE-2024-10460) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461 CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465 CVE-2024-10466 CVE-2024-10467 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.132 and Runtime 6.0.32. Security Fix(es): * dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-38095 .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.107 and Runtime 8.0.7. Security Fix(es): * dotnet: DoS in System.Text.Json (CVE-2024-30105) * dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264) * dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-30105 CVE-2024-35264 CVE-2024-38095 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es): * openssh: Possible remote code execution due to a race condition in signal handling affecting AlmaLinux(CVE-2024-6409) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-6409 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (CVE-2024-6604) * Mozilla: Race condition in permission assignment (CVE-2024-6601) * Mozilla: Memory corruption in thread creation (CVE-2024-6603) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-6601 CVE-2024-6603 CVE-2024-6604 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147) * OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131) * OpenJDK: Excessive symbol length can lead to infinite loop (8319859) (CVE-2024-21138) * OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) (CVE-2024-21140) * OpenJDK: Pack200 increase loading time due to improper header validation (8322106) (CVE-2024-21144) * OpenJDK: Out-of-bounds access in 2D image handling (8324559) (CVE-2024-21145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21144 CVE-2024-21145 CVE-2024-21147 The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147) * OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131) * OpenJDK: Excessive symbol length can lead to infinite loop (8319859) (CVE-2024-21138) * OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) (CVE-2024-21140) * OpenJDK: Pack200 increase loading time due to improper header validation (8322106) (CVE-2024-21144) * OpenJDK: Out-of-bounds access in 2D image handling (8324559) (CVE-2024-21145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21144 CVE-2024-21145 CVE-2024-21147 The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147) * OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131) * OpenJDK: Excessive symbol length can lead to infinite loop (8319859) (CVE-2024-21138) * OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) (CVE-2024-21140) * OpenJDK: Out-of-bounds access in 2D image handling (8324559) (CVE-2024-21145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21145 CVE-2024-21147 The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fix(es): * OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147) * OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131) * OpenJDK: Excessive symbol length can lead to infinite loop (8319859) (CVE-2024-21138) * OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) (CVE-2024-21140) * OpenJDK: Out-of-bounds access in 2D image handling (8324559) (CVE-2024-21145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21145 CVE-2024-21147 Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fix(es): * qtbase: qtbase: Delay any communication until encrypted() can be responded to (CVE-2024-39936) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-39936 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475) * httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) * httpd: null pointer dereference in mod_proxy (CVE-2024-38477) * httpd: Potential SSRF in mod_rewrite (CVE-2024-39573) * httpd: Encoding problem in mod_proxy (CVE-2024-38473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-38473 CVE-2024-38474 CVE-2024-38475 CVE-2024-38477 CVE-2024-39573 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net: nexthop: Initialize all fields in dumped nexthops (CVE-2024-42283) * kernel: iommufd: Require drivers to supply the cache_invalidate_user ops (CVE-2024-46824) * kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-42283 CVE-2024-46824 CVE-2024-46858 EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * EDK2: integer overflow in CreateHob() could lead to HOB OOB R/W (CVE-2022-36765) * edk2: Predictable TCP Initial Sequence Numbers (CVE-2023-45236) * edk2: Use of a Weak PseudoRandom Number Generator (CVE-2023-45237) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2022-36765 CVE-2023-45236 CVE-2023-45237 OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fix(es): * OpenEXR: Heap Overflow in Scanline Deep Data Parsing (CVE-2023-5841) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2023-5841 Setuptools is a collection of enhancements to the Python 3 distutils that allow you to more easily build and distribute Python 3 packages, especially ones that have dependencies on other packages. This package also contains the runtime components of setuptools, necessary to execute the software that requires pkg_resources. Security Fix(es): * pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Important Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-6345 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es): * libreoffice: create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic (CVE-2024-3044) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-3044 libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fix(es): * libuv: Improper Domain Lookup that potentially leads to SSRF attacks (CVE-2024-24806) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-24806 Kernel-based Virtual Machine (KVM) offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the virtualized systems. Security Fix(es): * libvirt: stack use-after-free in virNetClientIOEventLoop() (CVE-2024-4418) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Moderate Copyright 2024 AlmaLinux OS cpe:/a:almalinux:almalinux:9 cpe:/a:almalinux:almalinux:9::appstream cpe:/a:almalinux:almalinux:9::crb cpe:/a:almalinux:almalinux:9::highavailability cpe:/a:almalinux:almalinux:9::nfv cpe:/a:almalinux:almalinux:9::realtime cpe:/a:almalinux:almalinux:9::resilientstorage cpe:/a:almalinux:almalinux:9::sap cpe:/a:almalinux:almalinux:9::sap_hana cpe:/a:almalinux:almalinux:9::supplementary cpe:/o:almalinux:almalinux:9 cpe:/o:almalinux:almalinux:9::baseos CVE-2024-4418