
The following updates have been released for AlmaLinux:

ALSA-2023:7501 Important: thunderbird security update
ALSA-2023:7507 Important: firefox security update
ALSA-2023:7711 Moderate: apr security update




ALSA-2023:7501 Important: thunderbird security update


ID: ALSA-2023:7501
Title: ALSA-2023:7501 Important: thunderbird security update
Type: security
Severity: important
Release date: 2023-11-29

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.5.0.
Security Fix(es):
* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)
* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)
* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)
* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)
* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)
* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)
* Mozilla: Incorrect parsing of relative URLs starting with "///" (CVE-2023-6209)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-6204
CVE-2023-6205
CVE-2023-6206
CVE-2023-6207
CVE-2023-6208
CVE-2023-6209
CVE-2023-6212
RHSA-2023:7501
ALSA-2023:7501

Updated packages listed below:
Architecture | Package | Checksum
aarch64 | thunderbird-115.5.0-1.el9_3.alma.plus.aarch64.rpm | 2f7dc4264c32d069304f399f6f09009ab0ea6615b84e80f9b15d394951cdaa95
aarch64 | thunderbird-115.5.0-1.el9_3.alma.aarch64.rpm | 89579f2615695b4a7464cc69b61f88937ec19701d5769f8bf9c731e11e7ff394
ppc64le | thunderbird-115.5.0-1.el9_3.alma.plus.ppc64le.rpm | 0360e7831aafba79eb0a38a9137f8da935b465e5d2f8c50e6727c8a765c4f753
ppc64le | thunderbird-115.5.0-1.el9_3.alma.ppc64le.rpm | 9cfb2211851cfe3c5082093a505703c0e280f2c2af47bac78199f51b9efad07b
s390x | thunderbird-115.5.0-1.el9_3.alma.plus.s390x.rpm | 9edd8c714b8725fb36e2ed6a5c18f653a60dd52a45518aa20a8a04b02d810de6
s390x | thunderbird-115.5.0-1.el9_3.alma.s390x.rpm | f48d10c3f7af0953cf150d6be03763849eeb2c92aa6d196e019ab1fad478f5a8
x86_64 | thunderbird-115.5.0-1.el9_3.alma.x86_64.rpm | 823f85952938f2a34848eb53501af8a382b7f176c92ac94346629be48b0dde94
x86_64 | thunderbird-115.5.0-1.el9_3.alma.plus.x86_64.rpm | 9da805ee71ab4f89581b1d8ac5ca870326b8da03cb1e29ba4bcf3880ae8dff89

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.




ALSA-2023:7507 Important: firefox security update


ID: ALSA-2023:7507
Title: ALSA-2023:7507 Important: firefox security update
Type: security
Severity: important
Release date: 2023-11-29

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.5.0 ESR.
Security Fix(es):
* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)
* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)
* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)
* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)
* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)
* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)
* Mozilla: Incorrect parsing of relative URLs starting with "///" (CVE-2023-6209)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-6204
CVE-2023-6205
CVE-2023-6206
CVE-2023-6207
CVE-2023-6208
CVE-2023-6209
CVE-2023-6212
RHSA-2023:7507
ALSA-2023:7507

Updated packages listed below:
Architecture | Package | Checksum
aarch64 | firefox-115.5.0-1.el9_3.alma.1.aarch64.rpm | 6766a878da4568ce3bb690963966f65c80431d83991ea1f3bccb17864ebb1037
aarch64 | firefox-x11-115.5.0-1.el9_3.alma.1.aarch64.rpm | 7ca6d09061158ba33f5a550b48708946ccb94d5aa1b3a62e1ae20a58720ce52f
ppc64le | firefox-x11-115.5.0-1.el9_3.alma.1.ppc64le.rpm | d7d423741e62aaa0b6ecbb5024eaafbdbb4ae37c2e9920b4d4dba1972701fb61
ppc64le | firefox-115.5.0-1.el9_3.alma.1.ppc64le.rpm | dab6756faa6f3560fa6530d5a490d42949df011b0fabd0eed006042d81ff0a1f
s390x | firefox-115.5.0-1.el9_3.alma.1.s390x.rpm | 8628f05509e05e3b500eb31236b6d410c9f5b98bcd62089b39fbc5befe2cd101
s390x | firefox-x11-115.5.0-1.el9_3.alma.1.s390x.rpm | a61e9b6d3d98056f863dab95e3bc72dfe2be6a05b50df5d1fbc90d3fc465789b
x86_64 | firefox-115.5.0-1.el9_3.alma.1.x86_64.rpm | 079a530d20dd141cdeccd9e63d27e425876673f6ca1cd6e37d64a49378e1c189
x86_64 | firefox-x11-115.5.0-1.el9_3.alma.1.x86_64.rpm | 6c63cd3ed3668149d84ab407906b785326b0e5ebeae64475a4b41483f6fe46e9




ALSA-2023:7711 Moderate: apr security update


ID: ALSA-2023:7711
Title: ALSA-2023:7711 Moderate: apr security update
Type: security
Severity: moderate
Release date: 2023-12-11

Description
The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines.
Security Fix(es):
* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2022-24963
RHSA-2023:7711
ALSA-2023:7711

Updated packages listed below:
Architecture | Package | Checksum
aarch64 | apr-1.7.0-12.el9_3.aarch64.rpm | 045884f90bc9cff4bd90d41a75ba69d9fd27427e805ab878bb6f24ea741ceca1
aarch64 | apr-devel-1.7.0-12.el9_3.aarch64.rpm | 86f6d8d34ab57e9d1787ba3a4aeaa3df5fae0e7632998a219ef4bb6d65f8f676
i686 | apr-devel-1.7.0-12.el9_3.i686.rpm | 901036b5c5f99ee349ebc76720e67e63c0ce82b7fe0089549c73bc7b1f66978f
i686 | apr-1.7.0-12.el9_3.i686.rpm | a1f81bf4834143d4db214f0120b310d3121ebe7b686887f923fc7c3e1f223217
ppc64le | apr-devel-1.7.0-12.el9_3.ppc64le.rpm | 662538c51de472a17bac2ff459e934bb41687d6e58a0445e01889e007d224e19
ppc64le | apr-1.7.0-12.el9_3.ppc64le.rpm | d8bbf9bfec15e757ec302e775ec2134a0c84d15502d0a23af99beecc4b0cb973
s390x | apr-devel-1.7.0-12.el9_3.s390x.rpm | 6aac13dcbf258bb1689c88edeb61a911329ffdc8c567793f80eddefb95b5c2a1
s390x | apr-1.7.0-12.el9_3.s390x.rpm | b0061fd109e411313ce7c9dee754b0a918a23e361f1ef5fb622b464933cc2ae0
x86_64 | apr-devel-1.7.0-12.el9_3.x86_64.rpm | 689bb45990d2b3dac888cc967d20fe3b4cfeb980025619a744e62ec8edc05b5e
x86_64 | apr-1.7.0-12.el9_3.x86_64.rpm | 7c6db55bd938cb3aa58ef4df34c7d2418591659b50fc83f9a697c41460e116f7
