AlmaLinux 2225 Published by

The following security updates have been released for AlmaLinux:

ALSA-2023:7668 Important: squid:4 security update
ALSA-2023:7716 Important: webkit2gtk3 security update
ALSA-2023:7732 Important: tracker-miners security update
ALSA-2023:7747 Moderate: libxml2 security update
ALSA-2023:7754 Moderate: pixman security update
ALSA-2023:7762 Moderate: skopeo security update
ALSA-2023:7763 Moderate: runc security update
ALSA-2023:7764 Moderate: buildah security update
ALSA-2023:7765 Moderate: podman security update
ALSA-2023:7766 Moderate: containernetworking-plugins security update
ALSA-2023:7784 Important: postgresql security update
ALSA-2023:7791 Important: gstreamer1-plugins-bad-free security update
ALSA-2023:7836 Moderate: avahi security update
ALSA-2023:7841 Important: gstreamer1-plugins-bad-free security update



ALSA-2023:7668 Important: squid:4 security update


ID:
ALSA-2023:7668

Title:
ALSA-2023:7668 Important: squid:4 security update

Type:
security

Severity:
important

Release date:
2023-12-14

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
* squid: DoS against HTTP and HTTPS (CVE-2023-5824)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-5824
RHSA-2023:7668
ALSA-2023:7668

Updated packages listed below:
Architecture
Package
Checksum
aarch64
libecap-devel-1.0.1-2.module_el8.6.0+2741+01592ae8.aarch64.rpm
55e3f425f9b79d25a1b7886223c57dc2ec531e67854501992274d404e0f1a950
aarch64
squid-4.15-7.module_el8.9.0+3696+b881db49.3.aarch64.rpm
57f318582164a318a45c6d3f8fbc26f39a05cb02c4e7d77516b5fd95ff6483c9
aarch64
libecap-1.0.1-2.module_el8.6.0+2741+01592ae8.aarch64.rpm
c6410e4bb614a814925e18f8c72f24ebafaf58481f30e6c70024919f51b4739b
ppc64le
libecap-1.0.1-2.module_el8.6.0+2741+01592ae8.ppc64le.rpm
66453ca7b12ce16e17ae04c9ebcd5f451f151148ef13dd9f13c31fec5fbcd9d2
ppc64le
squid-4.15-7.module_el8.9.0+3696+b881db49.3.ppc64le.rpm
9fe4a086b9a3428582e1a91041a705bb6ad63739ca657d1a71bb87069c4d0cd6
ppc64le
libecap-devel-1.0.1-2.module_el8.6.0+2741+01592ae8.ppc64le.rpm
d36d6e8d7784be4644a74c6e52693c28ecea72e084690277ac0632dd21819db0
s390x
libecap-1.0.1-2.module_el8.6.0+3048+383bc947.s390x.rpm
6f8eb1f500a9dca1949f5f05aedf6b97764817d9f17284be3612eec04618f4e1
s390x
libecap-devel-1.0.1-2.module_el8.6.0+3048+383bc947.s390x.rpm
96f15e87a90682f6ec87bc4ed7c8edae439f414cd0382f1865dcf76ac3a7807d
s390x
squid-4.15-7.module_el8.9.0+3696+b881db49.3.s390x.rpm
9ae9ed11a46a2c50864febab1200f42b9f298c466223d8ae4025b5d2d0cd197c
x86_64
libecap-1.0.1-2.module_el8.6.0+2741+01592ae8.x86_64.rpm
1cbc8a0c82dbc6330bd8880c0db4cdc3ef8d59ecafa7ded1aa5431d18933a432
x86_64
libecap-devel-1.0.1-2.module_el8.6.0+2741+01592ae8.x86_64.rpm
4d62ea1c65382c3acfe697af449cc2c673d03660a3a39f6c0b1e71e09f5fe8df
x86_64
squid-4.15-7.module_el8.9.0+3696+b881db49.3.x86_64.rpm
c89149d1c5f154a9604ff9a7b9ee3525ca066b9a9d0f0a789d4720c526ac0a33

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:7668 Important: squid:4 security update



ALSA-2023:7716 Important: webkit2gtk3 security update


ID:
ALSA-2023:7716

Title:
ALSA-2023:7716 Important: webkit2gtk3 security update

Type:
security

Severity:
important

Release date:
2023-12-14

Description
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-42917
RHSA-2023:7716
ALSA-2023:7716

Updated packages listed below:
Architecture
Package
Checksum
aarch64
webkit2gtk3-jsc-devel-2.40.5-1.el8_9.1.alma.1.aarch64.rpm
351fd4feed08418a55f06bc77d8336d89aa00577728d1986093d5e1b79509e41
aarch64
webkit2gtk3-jsc-2.40.5-1.el8_9.1.alma.1.aarch64.rpm
36b1972956116c9083ad4954ac7e828e89494da3670a25fb1f0bc2b2f75026fd
aarch64
webkit2gtk3-2.40.5-1.el8_9.1.alma.1.aarch64.rpm
67efb67cde2627c4ac69ffecf27635c3c5666d8724a3cde1af3af6a938dde6c6
aarch64
webkit2gtk3-devel-2.40.5-1.el8_9.1.alma.1.aarch64.rpm
f6c8d173034c271ed1ba83682e39f64d768b7b4e4b95fba21ada90577bfc9ab7
i686
webkit2gtk3-2.40.5-1.el8_9.1.alma.1.i686.rpm
0f821cfa4f5fe6143790ad7a78a6dd73e4f013d9ed4da5c5e3c383c4974ed48a
i686
webkit2gtk3-jsc-2.40.5-1.el8_9.1.alma.1.i686.rpm
23939b0fb50f4a6aab59fdda9e5f3595bfc0468539d52031c70b2348ece1464c
i686
webkit2gtk3-devel-2.40.5-1.el8_9.1.alma.1.i686.rpm
8f23bc107bfffe917b5a14330c90083794659abaf17c56a24077d60bd4d5a17e
i686
webkit2gtk3-jsc-devel-2.40.5-1.el8_9.1.alma.1.i686.rpm
e6f6885e748f41829162a8c2ede02a9e74c5ef59a5d3ce7f0693de0c0254ad85
ppc64le
webkit2gtk3-jsc-devel-2.40.5-1.el8_9.1.alma.1.ppc64le.rpm
1cc307573722798623227ce5f4f7b6abcfe7a7855f0ca2108bcd4db4ad396a78
ppc64le
webkit2gtk3-2.40.5-1.el8_9.1.alma.1.ppc64le.rpm
39f9c0bf6f8fef6f59422f8300d788adf861809fd7affbcb92e35ff82f3606f1
ppc64le
webkit2gtk3-devel-2.40.5-1.el8_9.1.alma.1.ppc64le.rpm
3b7fe971c9c3cb191f32fa3104e2a9fd296b432729c8234e23919b1f187e558b
ppc64le
webkit2gtk3-jsc-2.40.5-1.el8_9.1.alma.1.ppc64le.rpm
6b12fa8aa7c0b0333863179540a79a01ad82e35eaee65c04827fa5b13b4a6f9d
s390x
webkit2gtk3-jsc-2.40.5-1.el8_9.1.alma.1.s390x.rpm
3c941065b43c0a05c46cdef8bf49e9a8ce56a9df7910f119a26c5337caf4966d
s390x
webkit2gtk3-devel-2.40.5-1.el8_9.1.alma.1.s390x.rpm
53e0edecab3faa551313da4cd7845758624e166065c0d4997bf352e4033be874
s390x
webkit2gtk3-jsc-devel-2.40.5-1.el8_9.1.alma.1.s390x.rpm
9cd9f4c391986f8265a7ba97af861c2e2fe711366626ffd14c67e67492df8267
s390x
webkit2gtk3-2.40.5-1.el8_9.1.alma.1.s390x.rpm
caa5138a96cf96d7eea20906aad51e0f2f5dd052993d89867bad837d59858e16
x86_64
webkit2gtk3-jsc-2.40.5-1.el8_9.1.alma.1.x86_64.rpm
0cf205d48f78dcc9f59b0fb57647f1531d2fcccd93265c959e8b105c011d2266
x86_64
webkit2gtk3-devel-2.40.5-1.el8_9.1.alma.1.x86_64.rpm
1e7f75265040da2b484239b77d56e8ff01e11f1025daf54f4aabda746295c87c
x86_64
webkit2gtk3-jsc-devel-2.40.5-1.el8_9.1.alma.1.x86_64.rpm
900297d3beebc0e58680174fc66f29c47f5709f973ac78b34a1f40ac98d6e76a
x86_64
webkit2gtk3-2.40.5-1.el8_9.1.alma.1.x86_64.rpm
b5af5ab2b645d700f9e6a49e776f8f3f659e7d1d78d9dbd72b4d60ae72c0e6a4

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:7716 Important: webkit2gtk3 security update



ALSA-2023:7732 Important: tracker-miners security update


ID:
ALSA-2023:7732

Title:
ALSA-2023:7732 Important: tracker-miners security update

Type:
security

Severity:
important

Release date:
2023-12-14

Description
Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. This package contains various miners and metadata extractors for tracker.
Security Fix(es):
* tracker-miners: sandbox escape (CVE-2023-5557)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-5557
RHSA-2023:7732
ALSA-2023:7732

Updated packages listed below:
Architecture
Package
Checksum
aarch64
tracker-miners-2.1.5-2.el8_9.1.aarch64.rpm
ff59a0fffe9d931d6fa88832d19fd94f0e19a672f0cdc952db02c6e8f8e28762
i686
tracker-miners-2.1.5-2.el8_9.1.i686.rpm
4bf424eb5374b23ca8df9eb111146b2ad1210d46537329577c500612adefc68d
ppc64le
tracker-miners-2.1.5-2.el8_9.1.ppc64le.rpm
e9dc53556a3670506d32294a814f89843657aa9edc6d72b3511e46e45e36a506
s390x
tracker-miners-2.1.5-2.el8_9.1.s390x.rpm
a2f9613a1834221a232f74e87d3c5d81c8c373a5d847013c9fb4d781022c88a5
x86_64
tracker-miners-2.1.5-2.el8_9.1.x86_64.rpm
888024560bcf36e7757d57f25a8e665564ef184ffdff517bd6cb5ec80140538f

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:7732 Important: tracker-miners security update



ALSA-2023:7747 Moderate: libxml2 security update


ID:
ALSA-2023:7747

Title:
ALSA-2023:7747 Moderate: libxml2 security update

Type:
security

Severity:
moderate

Release date:
2023-12-14

Description
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-39615
RHSA-2023:7747
ALSA-2023:7747

Updated packages listed below:
Architecture
Package
Checksum
aarch64
libxml2-devel-2.9.13-5.el9_3.aarch64.rpm
03595f49ea89b3a49e739174dd0b70dc93f8816ab944983ee1fbc1cc9021eef3
aarch64
python3-libxml2-2.9.13-5.el9_3.aarch64.rpm
45627fa1c2a1a67b8b80e0bafb55367363d981ec58784382a2402ee1ff1bd3e0
aarch64
libxml2-2.9.13-5.el9_3.aarch64.rpm
76197e966a696dbaf133420105003cdabfb310712df80a7fd83641099eba087a
i686
libxml2-devel-2.9.13-5.el9_3.i686.rpm
568462487f0c436c041521c69f8a640889c272593f4668fb5b4993785f40842c
i686
libxml2-2.9.13-5.el9_3.i686.rpm
a9a2093eb5e71a9e4f39901b0819c2f84abed7647e5218dae9fa5fe5830ee0f4
ppc64le
python3-libxml2-2.9.13-5.el9_3.ppc64le.rpm
2278c170919f41cb6d88d5b98c6bd793bee5108d223868d38d4bc5648f555eef
ppc64le
libxml2-devel-2.9.13-5.el9_3.ppc64le.rpm
564c456a090c4b293b0f529c648e9e78fe635cf7913443f7a5657e43e211f885
ppc64le
libxml2-2.9.13-5.el9_3.ppc64le.rpm
753606b9c2cd54cd77a12f035ddbf34b96f1fd85d1b23513fce43a1a3d65e132
s390x
libxml2-2.9.13-5.el9_3.s390x.rpm
c4c03e79b861be6f9ca2f4f0a563cfead94c66c15ba36418ae661a14c803eb58
s390x
python3-libxml2-2.9.13-5.el9_3.s390x.rpm
fa2c83aa080d6a2d5fb7c0d0b37fa79d4c9cc1ae6e065f7362c1f2af355eb2bc
s390x
libxml2-devel-2.9.13-5.el9_3.s390x.rpm
fed0af2a10cd84d0448300ae1c2c773ab26a17ce253fd01f00d1f9191bf83608
x86_64
python3-libxml2-2.9.13-5.el9_3.x86_64.rpm
6fbe1946759a8332bed8e59a13a405a6caf6ceac28e6fa0a05454d17fa4b89c3
x86_64
libxml2-2.9.13-5.el9_3.x86_64.rpm
afe8a73549306d8611bdaf653bc6b2edbc57985e2de4495ad872f1d046e708f9
x86_64
libxml2-devel-2.9.13-5.el9_3.x86_64.rpm
b335837b21b7e5a66f81ee5e0c742e2a98c74944727f7d236e48d1d7fd4b5400

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:7747 Moderate: libxml2 security update



ALSA-2023:7754 Moderate: pixman security update


ID:
ALSA-2023:7754

Title:
ALSA-2023:7754 Moderate: pixman security update

Type:
security

Severity:
moderate

Release date:
2023-12-14

Description
Pixman is a pixel manipulation library for the X Window System and Cairo.
Security Fix(es):
* pixman: Integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (CVE-2022-44638)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2022-44638
RHSA-2023:7754
ALSA-2023:7754

Updated packages listed below:
Architecture
Package
Checksum
aarch64
pixman-0.40.0-6.el9_3.aarch64.rpm
523724aaed1a410e130e4b6d7c001da58994b85a3004f6c211f443f387ce4bf0
aarch64
pixman-devel-0.40.0-6.el9_3.aarch64.rpm
d5c1e00ad9bd55f768d5f8f1e119298489f31eb775d4a479e17f67a49b3975a8
i686
pixman-0.40.0-6.el9_3.i686.rpm
6ede8cc128fc9945133f25aee2f0830cfa737ac140d44ab2b860c621f2831e5a
i686
pixman-devel-0.40.0-6.el9_3.i686.rpm
853bebdd6bb87a0cb7652be72016f62c73a781467d7b144988fd9c07b7fcf1a3
ppc64le
pixman-devel-0.40.0-6.el9_3.ppc64le.rpm
e3eb1630fca760d033c494bff00ba10e6f28ab16f0de8c4313378fad39cc629e
ppc64le
pixman-0.40.0-6.el9_3.ppc64le.rpm
f9d3f4b25e399387f013ece200362493e7937a042a90e1fdd7bb82a2c2ec74b9
s390x
pixman-devel-0.40.0-6.el9_3.s390x.rpm
bc18de8eb8ef9b86bd91067a7dffa3986abb32ee9558599c08a11857679fc306
s390x
pixman-0.40.0-6.el9_3.s390x.rpm
fcfb86a1c84f16e1f4c217b1d5fe6b32a05b4a6db0a2d8f99213ea4fb0d44e4a
x86_64
pixman-devel-0.40.0-6.el9_3.x86_64.rpm
1346f382550391cc85a3812dc37e86861b6a593538790505cb4409914e4672e6
x86_64
pixman-0.40.0-6.el9_3.x86_64.rpm
5bfa3f4e7cd187e39d9cd5f8f52f910ce1a49b1f998d5948a7fa872d35670ede

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:7754 Moderate: pixman security update



ALSA-2023:7762 Moderate: skopeo security update


ID:
ALSA-2023:7762

Title:
ALSA-2023:7762 Moderate: skopeo security update

Type:
security

Severity:
moderate

Release date:
2023-12-14

Description
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Security Fix(es):
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)
* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-29409
CVE-2023-39318
CVE-2023-39319
CVE-2023-39321
CVE-2023-39322
RHSA-2023:7762
ALSA-2023:7762

Updated packages listed below:
Architecture
Package
Checksum
aarch64
skopeo-tests-1.13.3-3.el9_3.aarch64.rpm
091689f31da62dfe858a9aa4458b52f91b5faffe8e9ac44b6ddf37dfcb6b3d10
aarch64
skopeo-1.13.3-3.el9_3.aarch64.rpm
7d912a59c8513d73d36bbe08a565c455cc9eedd9c36774bdbd0f6b7098fc1bae
ppc64le
skopeo-tests-1.13.3-3.el9_3.ppc64le.rpm
3df002a518773cf6dbf28d5b5d7186ef7d7795f59bd03e27021165472319b74b
ppc64le
skopeo-1.13.3-3.el9_3.ppc64le.rpm
e2374129c431acd88005714e96d97df85cf009eb9401d7a5deae9d5239c412fe
s390x
skopeo-tests-1.13.3-3.el9_3.s390x.rpm
40f439741f357957f1fde35deaf4914fbb87ea994963b978177ead40be4e797d
s390x
skopeo-1.13.3-3.el9_3.s390x.rpm
a8d4d1b803e3d37b3194585ec118385721f25e500adda6b088e4312abd5ba172
x86_64
skopeo-1.13.3-3.el9_3.x86_64.rpm
08e9b10967f7f505b9e15541bff9b17aa64a314b452f860e95d9451d94706449
x86_64
skopeo-tests-1.13.3-3.el9_3.x86_64.rpm
65172c7d0d2747143e1128e8a5098f451a6d0c2292532e64ebed66a315b9ff6e

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:7762 Moderate: skopeo security update



ALSA-2023:7763 Moderate: runc security update


ID:
ALSA-2023:7763

Title:
ALSA-2023:7763 Moderate: runc security update

Type:
security

Severity:
moderate

Release date:
2023-12-14

Description
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.
Security Fix(es):
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-29409
CVE-2023-39321
CVE-2023-39322
RHSA-2023:7763
ALSA-2023:7763

Updated packages listed below:
Architecture
Package
Checksum
aarch64
runc-1.1.9-2.el9_3.aarch64.rpm
1d149b8d0b0ba35129ee27e2ad9deb248bca0d7d1750aace17601044d98b361f
ppc64le
runc-1.1.9-2.el9_3.ppc64le.rpm
125d30c382147e99f51967443cb1811f98996de7008fa8faf8f9a3f314627c2d
s390x
runc-1.1.9-2.el9_3.s390x.rpm
940f6140a2213d5d8a89c85c2481b38190cd4f460eb795ffffc9ee3159a74251
x86_64
runc-1.1.9-2.el9_3.x86_64.rpm
074bdacce30b7266aec255a5c040e49b3a2b7d9de55eac6d8f0ef39ad3ad7612

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:7763 Moderate: runc security update



ALSA-2023:7764 Moderate: buildah security update


ID:
ALSA-2023:7764

Title:
ALSA-2023:7764 Moderate: buildah security update

Type:
security

Severity:
moderate

Release date:
2023-12-14

Description
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.
Security Fix(es):
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)
* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-29409
CVE-2023-39318
CVE-2023-39319
CVE-2023-39321
CVE-2023-39322
RHSA-2023:7764
ALSA-2023:7764

Updated packages listed below:
Architecture
Package
Checksum
aarch64
buildah-1.31.3-2.el9_3.aarch64.rpm
40d3ffb21a339389c9e725fc85adc0abc00a2e373e1b51acfe8754583271456b
aarch64
buildah-tests-1.31.3-2.el9_3.aarch64.rpm
49aa96906774f1149e6cd04a315e6539e8b95a92fc9d09e2241178fbf41726b9
ppc64le
buildah-1.31.3-2.el9_3.ppc64le.rpm
4c07749e85d8ae464d8158ecca517c9cf3c73fc3deb6ba0057688721756bea09
ppc64le
buildah-tests-1.31.3-2.el9_3.ppc64le.rpm
91488729285e9662f58cf46ee2a3c53003ed1ec8d112937581cb97fe72e10c35
s390x
buildah-1.31.3-2.el9_3.s390x.rpm
6b009a5bf2c56599e7fb9ec0bf92e7b2f6558418068511dbd139594da1d2664b
s390x
buildah-tests-1.31.3-2.el9_3.s390x.rpm
f76889fa2b08aa9717122e68d644aeedaec9a8f9769ef0920670c2d964bbd691
x86_64
buildah-1.31.3-2.el9_3.x86_64.rpm
5f0aa3001075d7c1627c376f3897ae174a59c117e81e49b5220522180ecc0b30
x86_64
buildah-tests-1.31.3-2.el9_3.x86_64.rpm
b61dfeaa93295fe5e91c1b4d4cc3fe7db90dddfd4833278c0ab62102fc5c625b

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:7764 Moderate: buildah security update



ALSA-2023:7765 Moderate: podman security update


ID:
ALSA-2023:7765

Title:
ALSA-2023:7765 Moderate: podman security update

Type:
security

Severity:
moderate

Release date:
2023-12-14

Description
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)
* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-29409
CVE-2023-39318
CVE-2023-39319
CVE-2023-39321
CVE-2023-39322
RHSA-2023:7765
ALSA-2023:7765

Updated packages listed below:
Architecture
Package
Checksum
aarch64
podman-gvproxy-4.6.1-7.el9_3.aarch64.rpm
6ebd4834d34be4cdef04b5f48fd5d4577294e9701706abcdd64028faf4405466
aarch64
podman-4.6.1-7.el9_3.aarch64.rpm
c7532b3fb40fc009f0c26e71560ac717adc1bed9bcea58b0e8ef4d1237c859df
aarch64
podman-plugins-4.6.1-7.el9_3.aarch64.rpm
e5d5983b4c1059d20696f0b5b488ee5210d39b826000d8f5ae58e926b90ce399
aarch64
podman-remote-4.6.1-7.el9_3.aarch64.rpm
ebb5a451e55f850e72c84685387b3807a9186a70417fb5be4f5fcfb092ed0789
aarch64
podman-tests-4.6.1-7.el9_3.aarch64.rpm
f8fdb500200e88aa899b5a87b0488990143a6c7602442fd26e35f0f24957168a
noarch
podman-docker-4.6.1-7.el9_3.noarch.rpm
e04db657a2b32f8ed6237a285a6a374c16fa32b0c4359d0aaaf7473b962e109d
ppc64le
podman-plugins-4.6.1-7.el9_3.ppc64le.rpm
52de61cdca2c90c11b3d96f57c48be6ea911bcec51f1c2538b969c63d830a256
ppc64le
podman-4.6.1-7.el9_3.ppc64le.rpm
8198251ef11cd848c499b594db97452d25bd56cb3f27fca37a38ad77bb96e1a5
ppc64le
podman-remote-4.6.1-7.el9_3.ppc64le.rpm
b899683751e4c2d2a9822c1d6a10d797575d305033eb31b0c6cae60bb540f86c
ppc64le
podman-gvproxy-4.6.1-7.el9_3.ppc64le.rpm
e01b3e606db336ab102381bd9d190fa493b50dda4285b8906a903695eee1c4ee
ppc64le
podman-tests-4.6.1-7.el9_3.ppc64le.rpm
f61c40b643d0da341a443f1840972182beb52f96ad138705fa89a1c2ce9570d6
s390x
podman-remote-4.6.1-7.el9_3.s390x.rpm
339e0993591f16c2fc02d6c9ed519f79142b36cc76696a1f77f5b2fa8acf3e5f
s390x
podman-tests-4.6.1-7.el9_3.s390x.rpm
59b6325d0517a23b95cfed12cb6ace1d8934f999d1745748d18cd8928953aed1
s390x
podman-gvproxy-4.6.1-7.el9_3.s390x.rpm
88a3462c563ea6f1da699c698ac078a08618256ed18ea767fa8c43a1c7ebd969
s390x
podman-plugins-4.6.1-7.el9_3.s390x.rpm
be7f57edbb4d5126be2592eaebf38e798e9c9ed61440036e745add79f20333a9
s390x
podman-4.6.1-7.el9_3.s390x.rpm
fb112135cae5ad1e014edfca99315279cfc0958331aa4dc979212b1e8a268392
x86_64
podman-remote-4.6.1-7.el9_3.x86_64.rpm
2fb160fe20fef5de6ba7a67a28df479f0fd33c96f766bd15fdb49945e83fb063
x86_64
podman-4.6.1-7.el9_3.x86_64.rpm
550d54f0c0bdf136b76a184a29e82f36e5354dcf744228093a0f3b6388669c6f
x86_64
podman-tests-4.6.1-7.el9_3.x86_64.rpm
694f639532e1fdd66d8e3fa441b8dccbd33cf3c25742b8829e270dda7d29dc66
x86_64
podman-plugins-4.6.1-7.el9_3.x86_64.rpm
b9d31ce7362cf84cd3d7ff9845eeb529d4b0adab193b14c0f5fc6b4bdbef3e00
x86_64
podman-gvproxy-4.6.1-7.el9_3.x86_64.rpm
bc021811751fd5571c6bc5b16d3e49f6db254480c83a42586de568481b854054

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:7765 Moderate: podman security update



ALSA-2023:7766 Moderate: containernetworking-plugins security update


ID:
ALSA-2023:7766

Title:
ALSA-2023:7766 Moderate: containernetworking-plugins security update

Type:
security

Severity:
moderate

Release date:
2023-12-14

Description
The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.
Security Fix(es):
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)
* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-29409
CVE-2023-39318
CVE-2023-39319
CVE-2023-39321
CVE-2023-39322
RHSA-2023:7766
ALSA-2023:7766

Updated packages listed below:
Architecture
Package
Checksum
aarch64
containernetworking-plugins-1.3.0-6.el9_3.aarch64.rpm
f4d13f2a07342d1fe6d8c5bed2d301e6dbf220b143407336691ac8890b57a347
ppc64le
containernetworking-plugins-1.3.0-6.el9_3.ppc64le.rpm
b8f94a830ce882954c9299d476ddbffe3adb2c640f87e7c0634b74ba0c831ccc
s390x
containernetworking-plugins-1.3.0-6.el9_3.s390x.rpm
13c571102b6d3809d40603f6c993666f4980fe22f8c1a73498d3ffee7c3aff8f
x86_64
containernetworking-plugins-1.3.0-6.el9_3.x86_64.rpm
8582b72210e0dc98664caf5c9306738a1062d6b135aa8f4fbfac835bd64375df

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:7766 Moderate: containernetworking-plugins security update



ALSA-2023:7784 Important: postgresql security update


ID:
ALSA-2023:7784

Title:
ALSA-2023:7784 Important: postgresql security update

Type:
security

Severity:
important

Release date:
2023-12-14

Description
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)
* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)
* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)
* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-39417
CVE-2023-5868
CVE-2023-5869
CVE-2023-5870
RHSA-2023:7784
ALSA-2023:7784

Updated packages listed below:
Architecture
Package
Checksum
aarch64
postgresql-static-13.13-1.el9_3.aarch64.rpm
059e48d1778d7288c25926cdf0ef51373836d6dd14009895cfe4a4b0c602b20b
aarch64
postgresql-private-libs-13.13-1.el9_3.aarch64.rpm
18bb26f00bbba651a8d330a3ff75886f59e077c3d652034e98d6c292b7df5768
aarch64
postgresql-pltcl-13.13-1.el9_3.aarch64.rpm
1f9f7e644f6a9b22cb6c73365997fa37af2da8f4aa4ae5004a48f8d390ed11d8
aarch64
postgresql-server-13.13-1.el9_3.aarch64.rpm
1ff57eb78b256e4f1b410e8f99c68cde7810c7c8f70005677c0ba930c5c5934f
aarch64
postgresql-server-devel-13.13-1.el9_3.aarch64.rpm
3962c4ddf6535780e7b3216783ded2cb45c14c401a2fda8c456d21a682c88d89
aarch64
postgresql-contrib-13.13-1.el9_3.aarch64.rpm
3ada470f1834698244faff1810c3fc451c43fb380c4e9452cc4df3df28a061d7
aarch64
postgresql-upgrade-devel-13.13-1.el9_3.aarch64.rpm
874eaa47eedbd9a86e9f98cfb185555899e7e0f9bf2e81861ead63750540f1b0
aarch64
postgresql-13.13-1.el9_3.aarch64.rpm
9e0c3385d1c31c5a113e7a19b15de8b078496f746c90dc20cf31a2523af84dc6
aarch64
postgresql-docs-13.13-1.el9_3.aarch64.rpm
b1e7ee9ad25f733905d7a1d2383f6b80cff32260bd53051fbc10f0a5a8486913
aarch64
postgresql-plpython3-13.13-1.el9_3.aarch64.rpm
baa59380e758cc248abe4504458df7ee54b62b185b515595ebb8484ef5380b80
aarch64
postgresql-upgrade-13.13-1.el9_3.aarch64.rpm
bfb202833a936b72e2a137240410780102de52a12fdd1881dda01d5e837e524c
aarch64
postgresql-private-devel-13.13-1.el9_3.aarch64.rpm
ce8127387f200e099b6d1fbd4003641a7f299272a28e682b184554a452ed710f
aarch64
postgresql-test-13.13-1.el9_3.aarch64.rpm
fb157efc7db0e36fad0f2ac49bb049bda53fd8c9d48bc2b3d32546f2839e2f45
aarch64
postgresql-plperl-13.13-1.el9_3.aarch64.rpm
fbc7019e055edc13db5740b0ad350af55f13a896277315e010956ab2d6675546
ppc64le
postgresql-private-devel-13.13-1.el9_3.ppc64le.rpm
16a27738f26a1b42949562e2b316fce00bc06ac4d3cab18305367ab0e36122e8
ppc64le
postgresql-contrib-13.13-1.el9_3.ppc64le.rpm
183d14e1fdfe7d6cb05d0cbcfe26d85900038fae519b2e817aa8ca957b605213
ppc64le
postgresql-pltcl-13.13-1.el9_3.ppc64le.rpm
1b686228e679eed19e77ddc0e95d8e518907e1d03111d83fb085901a33ce6f3c
ppc64le
postgresql-13.13-1.el9_3.ppc64le.rpm
3e8d735a5e74fb546c8d424a2bd26f1d296a1a9d924b35252f81badb56fa0250
ppc64le
postgresql-private-libs-13.13-1.el9_3.ppc64le.rpm
65105d225e47c4477d0ff6f73f1d3edeaee0c7b9ff3392a76ca4a39d13d9435d
ppc64le
postgresql-static-13.13-1.el9_3.ppc64le.rpm
722bfcd856505ca5cd03ad16a8b55ea6f25ce82d88e915322aae3288f4c5d0da
ppc64le
postgresql-upgrade-devel-13.13-1.el9_3.ppc64le.rpm
7c7c9c6222e407d53dfd41204ffd89387e9bb1089e615c56a17059620ecf8244
ppc64le
postgresql-docs-13.13-1.el9_3.ppc64le.rpm
8ff1e6b3d12dc943ac549ce1089eb600658141c192825336c98b243025c9efd3
ppc64le
postgresql-test-13.13-1.el9_3.ppc64le.rpm
999c8dff15dedb92f228ba26d4e0dbcdd0fa121cd9b883f8a42fed18fbaab353
ppc64le
postgresql-plperl-13.13-1.el9_3.ppc64le.rpm
acbe096876335f1a9e114b8300db3e75f491afe0fd73126bb08c270bfc015819
ppc64le
postgresql-server-13.13-1.el9_3.ppc64le.rpm
b39913769ca11b7c887df9d2be0c4f650d99acdcd2b3951f6385b0a49a3e528b
ppc64le
postgresql-server-devel-13.13-1.el9_3.ppc64le.rpm
c5d4107602bb9257973559e97f94fb8a10d67dac40631ba015093229a7ed2c88
ppc64le
postgresql-plpython3-13.13-1.el9_3.ppc64le.rpm
d8ee22695db52f439724709b146a5e03310c8b0773e1f7e4a1acee28c7094310
ppc64le
postgresql-upgrade-13.13-1.el9_3.ppc64le.rpm
e6d37021267b93d6c27fb0e996f293fbf380cb54d329b277e2ffeb555825dbca
s390x
postgresql-server-devel-13.13-1.el9_3.s390x.rpm
07fdd1d83092c0c6938ec4db0a43ca526a637eefbd0f842147c4190ebd3a4efc
s390x
postgresql-docs-13.13-1.el9_3.s390x.rpm
0f569769ab618d389278a88ce9a5d055b5f4d485663e971d342feb061305c3f0
s390x
postgresql-contrib-13.13-1.el9_3.s390x.rpm
294596072827da1618f9d38631a7b7854f376b520d81032ac009e6327158fc67
s390x
postgresql-plperl-13.13-1.el9_3.s390x.rpm
307d6a221ee6cc5b52467ef383a5e2c24ef5c07c2f6a484904fb60c48f81e437
s390x
postgresql-upgrade-13.13-1.el9_3.s390x.rpm
55fefa49345afaa7a26137e5f4c0e4fa3935e7f384f69085d3e1f606969ae422
s390x
postgresql-plpython3-13.13-1.el9_3.s390x.rpm
569436fcda3da23c0a37923e087e81a48fadaab7e137d7f21953ae332b26fced
s390x
postgresql-pltcl-13.13-1.el9_3.s390x.rpm
5dba871dae5eb2ada0d4885cdc3b705be6c5275b7609f8a11bc17d8c494140ac
s390x
postgresql-private-libs-13.13-1.el9_3.s390x.rpm
61e69f3d98b1c8cb9b63c442329535e98a77a477cfb877563384d9d4ab312177
s390x
postgresql-static-13.13-1.el9_3.s390x.rpm
6412eb5efffe2d8e76dc616410fdbeae66b36ad61365357a91998c0d101add62
s390x
postgresql-private-devel-13.13-1.el9_3.s390x.rpm
6e6b4556edb6a615794c2fa7cdd3db6df0c4a8c220568fdc5e375a694db15d60
s390x
postgresql-test-13.13-1.el9_3.s390x.rpm
92cb6d83e44db4b5bcc0d6b6aa85934b63f5484c06dd95a5d5b8b4309808f013
s390x
postgresql-server-13.13-1.el9_3.s390x.rpm
999c92b54032f90c20ce2e2e8779d0afcffa04e8b1a0eb5fa30d9d9ace77febb
s390x
postgresql-upgrade-devel-13.13-1.el9_3.s390x.rpm
b44d19397742db59013a0427a94e9f2820b4efd948babe8fb262d94bdae40a34
s390x
postgresql-13.13-1.el9_3.s390x.rpm
dffa89fd6d0fef59e31fd50c607ff1048d475d0a567794d9fc6cba5cd57bc2c8
x86_64
postgresql-server-devel-13.13-1.el9_3.x86_64.rpm
278232fd361d6afde77b1d42464bc6f1e1058005ba1e7ebbfc7c4b228c541f30
x86_64
postgresql-private-devel-13.13-1.el9_3.x86_64.rpm
3508a3c5d8b39963f40a83d81d05ebfe997d98107ce245d2ea8beb225647f34a
x86_64
postgresql-test-13.13-1.el9_3.x86_64.rpm
4fa83a5a050884f43b98e9e1cd3e8cadb7cacc9919a29deea1213ec1d488aea4
x86_64
postgresql-pltcl-13.13-1.el9_3.x86_64.rpm
5260aebde8c39d688e36ff269ee82961d96610fce451a4832839ec257794b582
x86_64
postgresql-contrib-13.13-1.el9_3.x86_64.rpm
639d0d6817c897f5e79ea813dd10e41a995c4edbff96eec5635566483407854f
x86_64
postgresql-private-libs-13.13-1.el9_3.x86_64.rpm
7044f7310fefcfb6edb93017d5df777232285f77a7663a14b3298fe769f147e4
x86_64
postgresql-docs-13.13-1.el9_3.x86_64.rpm
7926030a231762f0fcbc2a979a73b08f9b09f4868a2fd64dba133c8b974a59c8
x86_64
postgresql-upgrade-13.13-1.el9_3.x86_64.rpm
7c93e6ba5d0642143437d130cfbcc9a1c1ce4ef6a408f98c691d22943ddb3ed8
x86_64
postgresql-plperl-13.13-1.el9_3.x86_64.rpm
829233f85ab4a9f014f6a7b3a1828d01870567f6c4ea89e60c84d0d611ebb43c
x86_64
postgresql-plpython3-13.13-1.el9_3.x86_64.rpm
9abc95cc4e3fe4ce83ec6ea0d1b98cb3fbea8eab5e67a2550173d700c1e16f81
x86_64
postgresql-server-13.13-1.el9_3.x86_64.rpm
c7bd8fa5e612555a221acfd296d67c052ba4cbb6469a3dddd38c93af2fca3128
x86_64
postgresql-upgrade-devel-13.13-1.el9_3.x86_64.rpm
c8bfa920d6767af9a29c8507df5045347e85035bc2bb0cd908b49ae34478b211
x86_64
postgresql-13.13-1.el9_3.x86_64.rpm
d6d5e55de600b373a58c8bd4df0a6ece608c9c2de7bb50fe80c4f5b2bb8dd255
x86_64
postgresql-static-13.13-1.el9_3.x86_64.rpm
f84ec245ccd018164cc05f04eb1a7a20b950f90a7a7e8ed2153765c55fd10142

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:7784 Important: postgresql security update



ALSA-2023:7791 Important: gstreamer1-plugins-bad-free security update


ID:
ALSA-2023:7791

Title:
ALSA-2023:7791 Important: gstreamer1-plugins-bad-free security update

Type:
security

Severity:
important

Release date:
2023-12-14

Description
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.
Security Fix(es):
* gstreamer: AV1 codec parser heap-based buffer overflow (CVE-2023-44429)
* gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-44429
CVE-2023-44446
RHSA-2023:7791
ALSA-2023:7791

Updated packages listed below:
Architecture
Package
Checksum
aarch64
gstreamer1-plugins-bad-free-devel-1.22.1-2.el9_3.aarch64.rpm
06187b97d895156c30b4e678035dee5438f5f8957858aa277a609867955fdb19
aarch64
gstreamer1-plugins-bad-free-1.22.1-2.el9_3.aarch64.rpm
5e6f7ddbcd10385a4445f0049cc5cca2469ac7b508cc434809689976b396e4ff
i686
gstreamer1-plugins-bad-free-1.22.1-2.el9_3.i686.rpm
12d3e7338628430eccb2e6ecd6b5d2600dcaf79936cfeb7dce2ff62ba9180753
i686
gstreamer1-plugins-bad-free-devel-1.22.1-2.el9_3.i686.rpm
5c58e5c39390bd6e8cf2e604533df3a148ce0a9f47716cb244888b3be6115f0f
ppc64le
gstreamer1-plugins-bad-free-devel-1.22.1-2.el9_3.ppc64le.rpm
ab68e0f475726046633da5aed638d7135dc35e1f18b494baa755bb18e2fb0e9d
ppc64le
gstreamer1-plugins-bad-free-1.22.1-2.el9_3.ppc64le.rpm
b7931757bd43e0b64a676d9297c60a127cee18394d6eda1807cf6a4c0820245a
s390x
gstreamer1-plugins-bad-free-devel-1.22.1-2.el9_3.s390x.rpm
e1472557ce59794b671d66409200705c26c2d54eb8fe6ea23265f85e73e20893
s390x
gstreamer1-plugins-bad-free-1.22.1-2.el9_3.s390x.rpm
fe35fca090b17447e3f46fe5cc6bdebf083dfb275945ead106a42e5c7bc388b0
x86_64
gstreamer1-plugins-bad-free-devel-1.22.1-2.el9_3.x86_64.rpm
17ca22d84b6ddd9a2b2eb879db9a848c56645a3931f6ed220791eec3e3df514b
x86_64
gstreamer1-plugins-bad-free-1.22.1-2.el9_3.x86_64.rpm
deb3ccf43c33c60bd43b203d7c0b41888f7b375db010edf5bbaeb72b2eb123c6

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:7791 Important: gstreamer1-plugins-bad-free security update



ALSA-2023:7836 Moderate: avahi security update


ID:
ALSA-2023:7836

Title:
ALSA-2023:7836 Moderate: avahi security update

Type:
security

Severity:
moderate

Release date:
2023-12-15

Description
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers.
Security Fix(es):
* avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket (CVE-2021-3468)
* avahi: Reachable assertion in avahi_dns_packet_append_record (CVE-2023-38469)
* avahi: Reachable assertion in avahi_escape_label (CVE-2023-38470)
* avahi: Reachable assertion in dbus_set_host_name (CVE-2023-38471)
* avahi: Reachable assertion in avahi_rdata_parse (CVE-2023-38472)
* avahi: Reachable assertion in avahi_alternative_host_name (CVE-2023-38473)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2021-3468
CVE-2023-38469
CVE-2023-38470
CVE-2023-38471
CVE-2023-38472
CVE-2023-38473
RHSA-2023:7836
ALSA-2023:7836

Updated packages listed below:
Architecture
Package
Checksum
aarch64
avahi-compat-libdns_sd-devel-0.7-21.el8_9.1.aarch64.rpm
028a9dd6c70eb5a7cc416d56ac1bb505e87d112895fb43af4556ec3a1b290bdf
aarch64
avahi-ui-0.7-21.el8_9.1.aarch64.rpm
0f866a482bfc67c11d25ea01b69dd47babcaa6cfdbd62b4d3c8db3e4b7eeb80a
aarch64
avahi-0.7-21.el8_9.1.aarch64.rpm
2a0eed72908f48be0541a7adca64172c54c6edb90b662fa59139c7b5afee14fb
aarch64
avahi-autoipd-0.7-21.el8_9.1.aarch64.rpm
2a6e4d6f1d0767bc7028714ba1f967d25cd6122c509d0d7d77303a08f23f6230
aarch64
avahi-ui-gtk3-0.7-21.el8_9.1.aarch64.rpm
37e958cb216afdc76c35bcff816b31e529fed1e91f655da99f00d282e623c68a
aarch64
avahi-compat-howl-0.7-21.el8_9.1.aarch64.rpm
41c08200c194ad210d300e353721c2c380eaf098b810241c5b0148bf05dbb0f7
aarch64
avahi-glib-0.7-21.el8_9.1.aarch64.rpm
49b10ad11adc4fc158931458271427c3fe71238c8cb1381f2c231c62ca3ea299
aarch64
avahi-compat-libdns_sd-0.7-21.el8_9.1.aarch64.rpm
6072c68c6fae9f3b98b98f4d2a28cc1ed583630e9ee2a4208fc225f0cf40525c
aarch64
avahi-gobject-devel-0.7-21.el8_9.1.aarch64.rpm
64679b2a306172ffc86a38f87f946eacc2ad1c62b5819663ef7041100d0bc91c
aarch64
avahi-libs-0.7-21.el8_9.1.aarch64.rpm
6b335e5f386a912f867c5cc07ebd1893dcff7c82e9d3cf44ef0d5698e8ae17c2
aarch64
avahi-compat-howl-devel-0.7-21.el8_9.1.aarch64.rpm
811262b91679fea4e1faf0447f0785691d4df7a7b41d346a353a98e1d774845d
aarch64
avahi-glib-devel-0.7-21.el8_9.1.aarch64.rpm
836d058be454580508d5da2a75f9b48d3ae4463039bde4762a0fe492346ece82
aarch64
avahi-devel-0.7-21.el8_9.1.aarch64.rpm
86e02f9ef7ff77876a6b09aea290ba59544fda6d631853737d29d84888a67b5e
aarch64
avahi-ui-devel-0.7-21.el8_9.1.aarch64.rpm
88e82123d4806e5999d39eb19728266e1ade04a18afcb394f4f0e733049cddbe
aarch64
python3-avahi-0.7-21.el8_9.1.aarch64.rpm
8e3622489a98c358f94bb0f416e51b6770f5f43f40bf7133b7e6f02483571318
aarch64
avahi-tools-0.7-21.el8_9.1.aarch64.rpm
a538b28b955e73465c8d7b163327afe1cf571df623e58107618b3c9bd0d843d1
aarch64
avahi-gobject-0.7-21.el8_9.1.aarch64.rpm
d101d9cd02082cb955ea37a6ac68978ff9802a03995255c2816b1ebad52c431d
i686
avahi-ui-gtk3-0.7-21.el8_9.1.i686.rpm
00ceb709d46067e202bf3ac4e0ab9a0efe32ea91a25b29c0d897fd147e61416e
i686
avahi-0.7-21.el8_9.1.i686.rpm
129cd5f19e6e9fbcca0cac184a1e1e145a6ea17de47980bc10ad5eb600ce83a8
i686
avahi-ui-devel-0.7-21.el8_9.1.i686.rpm
157dc1fd8eb35de18c54836ea8269339e5fc00e38ebe60d60f9d907495d730a8
i686
avahi-gobject-0.7-21.el8_9.1.i686.rpm
161a6e57fe1cf20dd4277d209eb39c602a45ecb7fec04b87a2f10114d55f225c
i686
avahi-glib-devel-0.7-21.el8_9.1.i686.rpm
252e7688b08eccbd4435702b69fc5a5f815834904c47899229a084a24a418197
i686
avahi-compat-libdns_sd-devel-0.7-21.el8_9.1.i686.rpm
3fbe58503c6ed9cd0165321e7d243c03f87628ffadcafa8802e810e9efaca820
i686
avahi-compat-howl-devel-0.7-21.el8_9.1.i686.rpm
51f51f9b7a48676011bafece2590ce74b28173041ba71260a4203f95e9d78d7c
i686
avahi-libs-0.7-21.el8_9.1.i686.rpm
6eb5c2894b4fc2da3816dde651a50314708ebfec43c2fe45a1bce39d4eee1f33
i686
avahi-devel-0.7-21.el8_9.1.i686.rpm
866bec2ad1db99c44f65d940c823d8f93c56d0eaf73fc23d832ff935c2dc9b2c
i686
avahi-compat-howl-0.7-21.el8_9.1.i686.rpm
9941b752d1c6503a3083b3871f0312c4641b86d707977af45b6b40107c27a617
i686
avahi-gobject-devel-0.7-21.el8_9.1.i686.rpm
9c5d011d61f2392beacbf469ad5ce34c529385dbfd15f3003297799568f2ce62
i686
avahi-glib-0.7-21.el8_9.1.i686.rpm
c288e02521b3cee86f5410741ced7172abb75658be6ab298deac4bb72797dfb4
i686
avahi-ui-0.7-21.el8_9.1.i686.rpm
ea05fd226993386982182f145cc5a68633c2180f5e4ac42bad69c7313c85cd8c
i686
avahi-compat-libdns_sd-0.7-21.el8_9.1.i686.rpm
f2d0f5e11542ff00784c6399e2e9899d1d18062e64f24f23b8f31c832f53fa2c
ppc64le
avahi-compat-howl-0.7-21.el8_9.1.ppc64le.rpm
029f7a6f8547b33112f0fd4a9a0264b1dad6c8ea6c4c6f0d8fc2355fea65446e
ppc64le
avahi-gobject-devel-0.7-21.el8_9.1.ppc64le.rpm
05a7d6312460bac5d490aa15a2f534846454e4fbddddd42df416bc38f94ad80b
ppc64le
avahi-autoipd-0.7-21.el8_9.1.ppc64le.rpm
206dbf825968387363088200fde80d59ff348bdc92661dfc621c994fc19508d9
ppc64le
avahi-libs-0.7-21.el8_9.1.ppc64le.rpm
414073c2066c9eb800cb344991f632e7ceed106d157370e84d1e4be36191b04b
ppc64le
avahi-compat-howl-devel-0.7-21.el8_9.1.ppc64le.rpm
453df78c8116138c0fdf0e4efb2ffadccfe4d8270f5cc8808db43f6848ebed00
ppc64le
avahi-ui-devel-0.7-21.el8_9.1.ppc64le.rpm
5a6a280eabc722a38d552c5393160b1104efa3c841d8fc60d6fe0d9513f84a3e
ppc64le
avahi-0.7-21.el8_9.1.ppc64le.rpm
68c7fe63381f48f92bc6d44bc78392eb78f58d46e008b6b86817f3c2e733f451
ppc64le
avahi-tools-0.7-21.el8_9.1.ppc64le.rpm
7184a12c8f0bbde78a089feb903d8bfccc9aea1c100af1cf7712b9ea9c38aad6
ppc64le
avahi-devel-0.7-21.el8_9.1.ppc64le.rpm
811df6c7c139ba08339ddfb43bf3ea4f5728788214e773c1eed3032cfe9e2596
ppc64le
python3-avahi-0.7-21.el8_9.1.ppc64le.rpm
9f662e28c81cf7af25f46df45e782233db0af71d6dad4cb2b8334ed984f5a7a8
ppc64le
avahi-compat-libdns_sd-devel-0.7-21.el8_9.1.ppc64le.rpm
bcf4c929ebfd70509f889d23891090f28722aa0cd79b23c79b6d2359c8ebcb4d
ppc64le
avahi-ui-gtk3-0.7-21.el8_9.1.ppc64le.rpm
bf38826c27ab60ce2a9ed93513f3247e5aae4f91b28ab19f41365defdbcd3dcf
ppc64le
avahi-ui-0.7-21.el8_9.1.ppc64le.rpm
c2a2e0dff65f2b09d1d1575fe45286dbb75f541a63cd7c0262136acef35c76f9
ppc64le
avahi-compat-libdns_sd-0.7-21.el8_9.1.ppc64le.rpm
cdaab7676a874e137e5d04a2e465e720d52fb64a5351a832bbe188b9e7597594
ppc64le
avahi-gobject-0.7-21.el8_9.1.ppc64le.rpm
da649b8dd5cb54a38d5c06b02abfaa74da52a98f12f3c0ba209bc85795e171a7
ppc64le
avahi-glib-devel-0.7-21.el8_9.1.ppc64le.rpm
ee90c3980496ed301382c71af5c298715598d479ea0084136acbc173946f30a3
ppc64le
avahi-glib-0.7-21.el8_9.1.ppc64le.rpm
f74b8de645af49f3618eba1ed7efb701d7f4a30f58121266f45cf922fc8a1a9b
s390x
avahi-glib-devel-0.7-21.el8_9.1.s390x.rpm
1b0d50e0a8b6927f1c49e0adc0c7de025ca668692b8639a70cea2f30316593b3
s390x
avahi-gobject-0.7-21.el8_9.1.s390x.rpm
4634e712ee9832ef8ead1ddc2bf69640709d61e53b940fccf4d43f3e94ed6c9b
s390x
avahi-libs-0.7-21.el8_9.1.s390x.rpm
4832f289d03da3829c917c2bc6f9770e25e32ff55ef8cbc76d8b2aa49a26c554
s390x
avahi-compat-howl-0.7-21.el8_9.1.s390x.rpm
69ed64a40b22ae4be955beec32cdf3630a7693d33b06accbf44cf3d8236d68f0
s390x
avahi-gobject-devel-0.7-21.el8_9.1.s390x.rpm
6b0ca721ab834aa94e6c22153f0b320b1666e1c36bb7efcac036315f0fa4eaa8
s390x
avahi-compat-libdns_sd-0.7-21.el8_9.1.s390x.rpm
6d2f567ef710e5e6e08f4f5e3ef047e083610d07fb99a4668f79ed6ed4f4e7d6
s390x
avahi-devel-0.7-21.el8_9.1.s390x.rpm
7ba04e967ce0ce56169161475cae6c0880155e6bd9ea89bf6cad8af6a52f2173
s390x
avahi-tools-0.7-21.el8_9.1.s390x.rpm
8304a2a7aeafc600bf9b70d2589cc265acd20dd275d10d7e21088906b14a2c53
s390x
avahi-ui-devel-0.7-21.el8_9.1.s390x.rpm
9b9122d002540ee161bf8f9668a50761ca13fc9b204739c31fff45dd2dafa665
s390x
python3-avahi-0.7-21.el8_9.1.s390x.rpm
9dfe5b26c153e4675cb8b60d7962a1c47070ffd08c99e904aefcf8d51ef26f38
s390x
avahi-0.7-21.el8_9.1.s390x.rpm
a73cc0c98861db8a85712a058056948e3afb81c9b3cf67a0cdc2f67dbbd7c5b8
s390x
avahi-compat-libdns_sd-devel-0.7-21.el8_9.1.s390x.rpm
b1b1b10dc40c0531a6b9db1bd91bdd5163f0e3d960d2ab9a35945e8c4327943f
s390x
avahi-compat-howl-devel-0.7-21.el8_9.1.s390x.rpm
bed5b57f4c6b92738f992115c41d9e19a22c8049aca5c8b37c3c99ebc6f6dab2
s390x
avahi-autoipd-0.7-21.el8_9.1.s390x.rpm
c718f4a4192c7869f937daf24d2845cd53af61bfe8462ae531a8d9173b8b5905
s390x
avahi-ui-gtk3-0.7-21.el8_9.1.s390x.rpm
ccb993b6c64ae19c6aa28c732f254272308bc8b54a9be6c29bc80458de57b79d
s390x
avahi-glib-0.7-21.el8_9.1.s390x.rpm
d389cc78fa65bbcfe2fddc1ff426c8c8ad8019e1077bb3d84a357178b494ecf8
s390x
avahi-ui-0.7-21.el8_9.1.s390x.rpm
f2d67e5c3fcdc12a2b471b28a215e62fde42d5f06e3f739d66ed028dbd7e6eca
x86_64
avahi-compat-libdns_sd-0.7-21.el8_9.1.x86_64.rpm
1f37d5dc49316c0940522b99d333320c85bebe9f197b35839c13fcad59d61bc7
x86_64
avahi-autoipd-0.7-21.el8_9.1.x86_64.rpm
3539bec70ef8641a95eab11e8bd283f8d516c6b5ef2de39bf97ca47938d79054
x86_64
avahi-compat-howl-devel-0.7-21.el8_9.1.x86_64.rpm
3575f1b9ac6be3ab571ac5a7b773ba3ea23c632be194c4ee6290e05ad71ac92e
x86_64
avahi-compat-howl-0.7-21.el8_9.1.x86_64.rpm
45ef8bb2a42d37813f78a435bdc374b5c072a9e4a6314d0241170a2fc2bee51b
x86_64
avahi-glib-devel-0.7-21.el8_9.1.x86_64.rpm
72ca6eec43a1e3005cf6f44057e11b41e4c50dcb20409cc3d0ceaa76e9885811
x86_64
avahi-glib-0.7-21.el8_9.1.x86_64.rpm
747a6f26e852f00ea41aa73b4e3712a0b1d6c51a95fc0b38001568690e5c4508
x86_64
avahi-ui-devel-0.7-21.el8_9.1.x86_64.rpm
94876cdfad5ff132591f5da9711057556b8cc8d2c0a2e01566e93086fc746dd8
x86_64
python3-avahi-0.7-21.el8_9.1.x86_64.rpm
9ebb4c61b0d1fc1a7aa3c79446bcc050d9e819cd630b8b9a65ac88ece089f8d2
x86_64
avahi-devel-0.7-21.el8_9.1.x86_64.rpm
ac5fd387604e1c610120d552859ca216383b93517420b7ef064529b746b1f34a
x86_64
avahi-compat-libdns_sd-devel-0.7-21.el8_9.1.x86_64.rpm
c6b21641b85eca42219a46ea90c530821c40af1e0624de0e074ae404133c00f3
x86_64
avahi-tools-0.7-21.el8_9.1.x86_64.rpm
cc82d905e63334be791a450908f7bce84b1a8d836db4c4f087fc3324fc7bca4e
x86_64
avahi-0.7-21.el8_9.1.x86_64.rpm
d767e3df29f6099aa0c33a6e1579463a61686b5ea19785cd5446ee790cf21934
x86_64
avahi-libs-0.7-21.el8_9.1.x86_64.rpm
dcd87b0380e8e036870bf52a8ef9dcc465e6c0e4f0fe7059f204f89a554c8899
x86_64
avahi-gobject-devel-0.7-21.el8_9.1.x86_64.rpm
e14a0279f7e798106e8b1d5e71f2e35132c9633043b3d8f17d2112243b8f66d7
x86_64
avahi-gobject-0.7-21.el8_9.1.x86_64.rpm
e4e9df95037d24e6b2845401018a7c0038365fde46af70b995ed283cf607105e
x86_64
avahi-ui-gtk3-0.7-21.el8_9.1.x86_64.rpm
e94cda0f1cb8695a5eb42e4781588c579bfbaa499080d5f8500537d6db306399
x86_64
avahi-ui-0.7-21.el8_9.1.x86_64.rpm
ee333b0c17326acbb56d7a4c9122d0917e010e1d5de1ad4d0135a5b0f1e749ae

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:7836 Moderate: avahi security update



ALSA-2023:7841 Important: gstreamer1-plugins-bad-free security update


ID:
ALSA-2023:7841

Title:
ALSA-2023:7841 Important: gstreamer1-plugins-bad-free security update

Type:
security

Severity:
important

Release date:
2023-12-15

Description
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.
Security Fix(es):
* gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-44446
RHSA-2023:7841
ALSA-2023:7841

Updated packages listed below:
Architecture
Package
Checksum
aarch64
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.alma.1.aarch64.rpm
41fc933a0f3bf8c7059f55ddde0609657d59e2142ce5e0eac471661f21fde6bf
aarch64
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_9.alma.1.aarch64.rpm
4fff8b7c1b023eb7fc368939826b93b6d67c3c1d79c4d65c684cf3a55d2c45ea
i686
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_9.alma.1.i686.rpm
545d713a522e3c0d928e779bd053bc53f9ca0e35f7617ccc4e19be5ab1eb5154
i686
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.alma.1.i686.rpm
da7e4bceb43db51b2933eb5426c5fe2777561ad813cb138d76ebe831062484e5
ppc64le
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_9.alma.1.ppc64le.rpm
1640feafbc36f4a256d90c0eed038d39208d20645218ea76ec9b7dc7384fd1f1
ppc64le
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.alma.1.ppc64le.rpm
7669fee0d4895c9f6dcc5b1693a442e2fa1ff895002314d9a17db593fc1e675e
s390x
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.alma.1.s390x.rpm
9edf7a8a4871c96225e64cd6adc731e58637ac6914f22ca87d2a8a0ad3ee1626
s390x
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_9.alma.1.s390x.rpm
c646c890fa6c81f12730e818e92028c1e73fb39e45b07ab4c1a35ddc802bf41d
x86_64
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_9.alma.1.x86_64.rpm
266ee30fb646a6ea2037cab1507ea020872bd8915032074daed58410629c219c
x86_64
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.alma.1.x86_64.rpm
9f0fd33e836e443055af0aeda8bc0e2e91c15418525d2b455a6677fef5647e19

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:7841 Important: gstreamer1-plugins-bad-free security update