The following updates have been released for AlmaLinux:
ALSA-2024:0557 Important: tigervnc security update
ALSA-2024:0602 Important: thunderbird security update
ALSA-2024:0603 Important: firefox security update
ALSA-2024:0606 Moderate: openssh security update
ALSA-2024:0607 Important: tigervnc security update
ALSA-2024:0608 Important: firefox security update
ALSA-2024:0609 Important: thunderbird security update
ALSA-2024:0627 Moderate: gnutls security update
ALSA-2024:0628 Moderate: libssh security update
ALSA-2024:0647 Moderate: rpm security update
ALSA-2024:0670 Important: runc security update
ID:
ALSA-2024:0557
Title:
ALSA-2024:0557 Important: tigervnc security update
Type:
security
Severity:
important
Release date:
2024-01-31
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)
* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)
* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)
* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-6816
CVE-2024-0229
CVE-2024-21885
CVE-2024-21886
RHSA-2024:0557
ALSA-2024:0557
Updated packages listed below:
Architecture
Package
Checksum
aarch64
tigervnc-1.13.1-3.el9_3.6.alma.1.aarch64.rpm
41a1056ea4b27a05eea406dbe51fa4ded91cf8a4c8be1c2a2a471a54ad05182f
aarch64
tigervnc-server-1.13.1-3.el9_3.6.alma.1.aarch64.rpm
7db025f9a19a4b3f9faf4b63154b58c823dd177ec59a71eb6c8a242c278941e8
aarch64
tigervnc-server-module-1.13.1-3.el9_3.6.alma.1.aarch64.rpm
ea549ec6b77c382a8f29177cfea3aeb9a1e3199bb80ad492c10b3d0e2bbc571c
aarch64
tigervnc-server-minimal-1.13.1-3.el9_3.6.alma.1.aarch64.rpm
fd9e0e4168ad3f0fbdc9b7bc92c237fef1bf2d673b61878d5e41792ef756e15c
noarch
tigervnc-license-1.13.1-3.el9_3.6.alma.1.noarch.rpm
4c5f5ac26ea3fd5c86eb2a2ead5617a4c3afeab2d61239ba0e4144a6fc242cf9
noarch
tigervnc-icons-1.13.1-3.el9_3.6.alma.1.noarch.rpm
e1af8361e82b513ee2f2fbbbd88156a499467cba27ddc1423e92d94293cbe255
noarch
tigervnc-selinux-1.13.1-3.el9_3.6.alma.1.noarch.rpm
fec12fd04cc7d5cc50381ca18c190ad46a5cc938f296f16e3b6aa24d17e75b07
ppc64le
tigervnc-server-1.13.1-3.el9_3.6.alma.1.ppc64le.rpm
79d02a1e21a26d2ac9b786d2303a40f1ec3f3dca8d3a47bbdad199c1f31198f0
ppc64le
tigervnc-server-module-1.13.1-3.el9_3.6.alma.1.ppc64le.rpm
cdab811582754693638dcb51362aa05c2b684e7f1254c80304066c8bf1e3c0a1
ppc64le
tigervnc-server-minimal-1.13.1-3.el9_3.6.alma.1.ppc64le.rpm
dfdc38ccdc06cf996a3265c1572bb8e9800ea0f9a373b40c8b1d78e4f27533b1
ppc64le
tigervnc-1.13.1-3.el9_3.6.alma.1.ppc64le.rpm
ecd79ed125a0a8f4525aa50ab5319f409047c4203c30c73bebb738b475af0736
s390x
tigervnc-server-minimal-1.13.1-3.el9_3.6.alma.1.s390x.rpm
37a7e49a4ec628e53a1c6565a241f42b668dafa4a94e9eeb382feb9582902cfc
s390x
tigervnc-server-module-1.13.1-3.el9_3.6.alma.1.s390x.rpm
38b9f15bd0dd8c2ccbffd78e6782f48955e1b677abd4631df54a3f579158d699
s390x
tigervnc-1.13.1-3.el9_3.6.alma.1.s390x.rpm
92ab66d538f7f9d3624d325038fcbc68517e1a50cd45dc7296732f4372e8bc26
s390x
tigervnc-server-1.13.1-3.el9_3.6.alma.1.s390x.rpm
b01643eeeba766695c35591505be40bcd0a16772baab2b4ed4712dc5b074035a
x86_64
tigervnc-1.13.1-3.el9_3.6.alma.1.x86_64.rpm
16cde6196c0123c6102b12dd140445a956efcbe52714d96519a35a54938e8130
x86_64
tigervnc-server-1.13.1-3.el9_3.6.alma.1.x86_64.rpm
512e928edcca8d3e3028aeaf75f74389c9d303ab4e796e3d0f03e6c7926942ef
x86_64
tigervnc-server-minimal-1.13.1-3.el9_3.6.alma.1.x86_64.rpm
592244a12046c8082930bb15fc3eb288a08d92e9c0ac9939bb8f9cbcd2cbfaa3
x86_64
tigervnc-server-module-1.13.1-3.el9_3.6.alma.1.x86_64.rpm
bdbe935bd5f004c2e161e50651be455fccb0a5eac8821331bb7f86a77b6b5e52
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ID:
ALSA-2024:0602
Title:
ALSA-2024:0602 Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2024-02-01
Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.7.0.
Security Fix(es):
* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
* Mozilla: Failure to update user input timestamp (CVE-2024-0742)
* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
* Mozilla: Privilege escalation through devtools (CVE-2024-0751)
* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755
RHSA-2024:0602
ALSA-2024:0602
Updated packages listed below:
Architecture
Package
Checksum
aarch64
thunderbird-115.7.0-1.el9_3.alma.aarch64.rpm
c7268d83fbd8bf66c13d0fb205d25d89ac26eb9ccf6c52c7e697a337e049cf03
aarch64
thunderbird-115.7.0-1.el9_3.alma.plus.aarch64.rpm
cb4dd06154ec44451e99904355071628c23c20da2240fd957b772ca9edb1e4ac
ppc64le
thunderbird-115.7.0-1.el9_3.alma.ppc64le.rpm
bd441b5e20ade6537617f338bd717e48b240f0acd436f7315c6d591e85f96c43
ppc64le
thunderbird-115.7.0-1.el9_3.alma.plus.ppc64le.rpm
dc058000a8e9da942d8795958b0e7d73e84cf5162fa3d13cdf1f4a0e0f9cc78a
s390x
thunderbird-115.7.0-1.el9_3.alma.s390x.rpm
5f95146cb536f7bd21fa676f0555a8b23533fb2a48e705c7463d6a03cfbdead2
s390x
thunderbird-115.7.0-1.el9_3.alma.plus.s390x.rpm
fe42306b33ea37d882095a90d44a20c55ac3b7afad4afb2866e4625ed090d6b7
x86_64
thunderbird-115.7.0-1.el9_3.alma.x86_64.rpm
06b7955fcd7b1ae70536c401e6de21a07c166aa788697bc0909f803711465a43
x86_64
thunderbird-115.7.0-1.el9_3.alma.plus.x86_64.rpm
285f185f308b4674f965a5385f8278f82be7f3f18515b2d25ed866f7828b0f2c
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ID:
ALSA-2024:0603
Title:
ALSA-2024:0603 Important: firefox security update
Type:
security
Severity:
important
Release date:
2024-02-01
Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.7.0 ESR.
Security Fix(es):
* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
* Mozilla: Failure to update user input timestamp (CVE-2024-0742)
* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
* Mozilla: Privilege escalation through devtools (CVE-2024-0751)
* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755
RHSA-2024:0603
ALSA-2024:0603
Updated packages listed below:
Architecture
Package
Checksum
aarch64
firefox-115.7.0-1.el9_3.alma.aarch64.rpm
abc2d85a1051398961074e859c1bde1b8167b5bd753a812b201bdf707f4b80ab
aarch64
firefox-x11-115.7.0-1.el9_3.alma.aarch64.rpm
c293687150213ba83497bc6f4396e5aba0fd724025d08a3e99f396edde63ffe7
ppc64le
firefox-x11-115.7.0-1.el9_3.alma.ppc64le.rpm
a058c3cdab6fe9ef59c29f0d9a9f1b92201a80aa636499cf322853b9d7a970a6
ppc64le
firefox-115.7.0-1.el9_3.alma.ppc64le.rpm
af23e460e015546702c8e7fae418bb3c57e2929c7fdeffc030e5045e2705adfb
s390x
firefox-x11-115.7.0-1.el9_3.alma.s390x.rpm
096fd35b51b3ebc162fb9f05584c9b706ccdbd4a726489c44d8b1c121fb2b6d9
s390x
firefox-115.7.0-1.el9_3.alma.s390x.rpm
6f585401036e31b1013f43f0c5e948caa84d6075f96a9e22ec8f421acba17fbd
x86_64
firefox-x11-115.7.0-1.el9_3.alma.x86_64.rpm
17e694fabb4bef0fcdb5c5c06ce4642687918d40fbfb01a2ffc4506e7d4a95ca
x86_64
firefox-115.7.0-1.el9_3.alma.x86_64.rpm
b4ae85dc027028dfd57a0355a986bb78e15207322ac30a0587a6e58434bc2f00
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ID:
ALSA-2024:0606
Title:
ALSA-2024:0606 Moderate: openssh security update
Type:
security
Severity:
moderate
Release date:
2024-01-31
Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
* openssh: potential command injection via shell metacharacters (CVE-2023-51385)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-48795
CVE-2023-51385
RHSA-2024:0606
ALSA-2024:0606
Updated packages listed below:
Architecture
Package
Checksum
aarch64
openssh-clients-8.0p1-19.el8_9.2.aarch64.rpm
0c0405a2ab61a34ba52a2b4c1e63c3b3ae60dd5e68cca6ce9d6342137461676e
aarch64
openssh-cavs-8.0p1-19.el8_9.2.aarch64.rpm
6131d47f0b5cbc0129056ed6349cc7f75046c410501d6b6a0982591b2ec7a159
aarch64
openssh-ldap-8.0p1-19.el8_9.2.aarch64.rpm
6e27fe8308776b15cc4bdec0153b27f20ec63870f7d471f4525a8415598d47d3
aarch64
openssh-server-8.0p1-19.el8_9.2.aarch64.rpm
70658efe495a4c8442c2cb52f7524877ebb12276c70672b5103a8ef8ef48de7f
aarch64
openssh-askpass-8.0p1-19.el8_9.2.aarch64.rpm
793fadb5d53d6b693d7ff1cf4ccf849d6ebab14ccac0cd506b7f88ee13d29a90
aarch64
openssh-8.0p1-19.el8_9.2.aarch64.rpm
8ef2ce0053ad48851ea3afa73749283a439c602c9340a4b4e45213e56268dad0
aarch64
pam_ssh_agent_auth-0.10.3-7.19.el8_9.2.aarch64.rpm
9c6b917e73600e98487bf45f17e761d9c8d731e1e005105860b0d53439861a97
aarch64
openssh-keycat-8.0p1-19.el8_9.2.aarch64.rpm
f9e102ed8b436509ae4ca5977e5f8c87a5bbf241a81902fc19c0e5bbd2c548ff
ppc64le
openssh-keycat-8.0p1-19.el8_9.2.ppc64le.rpm
0865cec118c71a01d693c27aca19569837dd18e61c8de82f1bc8974893b151dd
ppc64le
openssh-8.0p1-19.el8_9.2.ppc64le.rpm
1bff0654b186f7ad3fb843ad9d8418cf1ea2a8f08858efc35618e8dc6cf71aec
ppc64le
openssh-askpass-8.0p1-19.el8_9.2.ppc64le.rpm
23ffd81cfaf69f26834e9fbb3fe2f4b1f3090e8b5eca4ba53d33aab77e871de0
ppc64le
openssh-cavs-8.0p1-19.el8_9.2.ppc64le.rpm
7863968d2d5af1ff2c324ab3393196b0fca494b1cf51627425fa55e3a72c18f8
ppc64le
openssh-ldap-8.0p1-19.el8_9.2.ppc64le.rpm
b22a60fed625f372adf7f834e06d384cdfed8e58bccf1e32d201c40d1425aedb
ppc64le
openssh-server-8.0p1-19.el8_9.2.ppc64le.rpm
c286e252a66c8567214524ed8b30e62d53cc737ad513128d17e77c31595e2376
ppc64le
pam_ssh_agent_auth-0.10.3-7.19.el8_9.2.ppc64le.rpm
f68ae5b2ba14f198b1de8eca9a3b273ff5b3c9eef6a0124cb351e7c15a34c30b
ppc64le
openssh-clients-8.0p1-19.el8_9.2.ppc64le.rpm
fdcbe84d95d04260fdcbf1c7d8e8877ae66ee828e63f1e573a2983e06a05e42f
s390x
openssh-ldap-8.0p1-19.el8_9.2.s390x.rpm
4372aa95600584df9b139404b2d9063f589f8822162485e79b5667b0baf5bddc
s390x
openssh-server-8.0p1-19.el8_9.2.s390x.rpm
50621ed93920e66b206f6dce8905d86ffa1b3608ca0954c2b4efcd6281c80cdc
s390x
openssh-cavs-8.0p1-19.el8_9.2.s390x.rpm
52a825d267990593789f87e17d939edae3c6bc00e642c754e0d9b32bc659c434
s390x
openssh-clients-8.0p1-19.el8_9.2.s390x.rpm
7d0daff30c182c7c5d539773778eebad925591b24deb997a2a066126e51ded95
s390x
pam_ssh_agent_auth-0.10.3-7.19.el8_9.2.s390x.rpm
a584eb479f96748eab0029bbd4e20f53db384575511961a51e2024ad766f9583
s390x
openssh-8.0p1-19.el8_9.2.s390x.rpm
b2cd7da52dc8468ba1866bec643d975a254e46bed75e1e14f602464b65763009
s390x
openssh-keycat-8.0p1-19.el8_9.2.s390x.rpm
c1441055789e6b214145a230336830e10bc201488126b635ede36b873cb7ca66
s390x
openssh-askpass-8.0p1-19.el8_9.2.s390x.rpm
e2469a8a10496196e335b0449ebda83cffc9f4b27799585c6c5f5d158fbf380d
x86_64
openssh-cavs-8.0p1-19.el8_9.2.x86_64.rpm
2a001b6e918caef30bc528bac72a755caa08a562a8d6ba24d58a5e6d68d99f9d
x86_64
pam_ssh_agent_auth-0.10.3-7.19.el8_9.2.x86_64.rpm
53a8a13a560fe0e114175cc0bdd7e6cc26fa49c4f45ac57048bd548a11bbb69f
x86_64
openssh-clients-8.0p1-19.el8_9.2.x86_64.rpm
54006c9670b980ebf37f3d9afa6c55cd21b2f7a4e52b4103bc49f1125d81f933
x86_64
openssh-askpass-8.0p1-19.el8_9.2.x86_64.rpm
9e8f59a2ba14c15b29e64b7fd6f840c5a800a595362063578c6d7f047871a8fe
x86_64
openssh-server-8.0p1-19.el8_9.2.x86_64.rpm
a6980838e3a9550e4bd436a8052ec64954b3b27758c23a654cb6c67dc8c83428
x86_64
openssh-keycat-8.0p1-19.el8_9.2.x86_64.rpm
aa8390b928866e7100f3e0e7da38c05e34f286b9ee15b3914bcdf9ffe5d02fae
x86_64
openssh-8.0p1-19.el8_9.2.x86_64.rpm
c05724680b503f7224450853ca38ab10459e356eb5a1d8d11fa7689ce4f4ebe3
x86_64
openssh-ldap-8.0p1-19.el8_9.2.x86_64.rpm
c26b62d5fd9ec3020292f41188dc82a4a26bbe16c4d01bca0c50f2e83ca89dad
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ID:
ALSA-2024:0607
Title:
ALSA-2024:0607 Important: tigervnc security update
Type:
security
Severity:
important
Release date:
2024-01-31
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)
* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)
* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)
* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-6816
CVE-2024-0229
CVE-2024-21885
CVE-2024-21886
RHSA-2024:0607
ALSA-2024:0607
Updated packages listed below:
Architecture
Package
Checksum
aarch64
tigervnc-server-1.13.1-2.el8_9.7.alma.1.aarch64.rpm
31c77b7c23eddb54076f2562ac1e3c55b66f1662240c63e742322771338a6cb0
aarch64
tigervnc-server-module-1.13.1-2.el8_9.7.alma.1.aarch64.rpm
4bb8a9660f08de4339a934edbf8009c747515bf2cc1b4f6601a738e92fe0f91d
aarch64
tigervnc-server-minimal-1.13.1-2.el8_9.7.alma.1.aarch64.rpm
8a27c5fc340b79f39003f93197271a7fedeef7ce97c39492ed8aa791aeefa31b
aarch64
tigervnc-1.13.1-2.el8_9.7.alma.1.aarch64.rpm
b958e79b8fe965e5a30177d83fea4b92cd6de4972cd19e0a338a0667755d3629
noarch
tigervnc-icons-1.13.1-2.el8_9.7.alma.1.noarch.rpm
690135ab868a3f2ec8c9779a5b3c12c453e96dc806febe6416dbeefc2d7120c1
noarch
tigervnc-license-1.13.1-2.el8_9.7.alma.1.noarch.rpm
8bff591ce0c81224114bbf3bbbad1bb8064af6afabfaf3bad3c7e7dd1b40ab76
noarch
tigervnc-selinux-1.13.1-2.el8_9.7.alma.1.noarch.rpm
aadc517b4dd07c9e83ab5d3db642178b0041b682a19db2fac97a43a383fe2b64
ppc64le
tigervnc-server-minimal-1.13.1-2.el8_9.7.alma.1.ppc64le.rpm
324b6443f79321181c49dfde46649fa51e7506a9f527796f18ba8664eb4e3aba
ppc64le
tigervnc-1.13.1-2.el8_9.7.alma.1.ppc64le.rpm
909ff1104bdd8faf529d500d9b1ac5e1828812ab2541b64f330594f5bcc14614
ppc64le
tigervnc-server-1.13.1-2.el8_9.7.alma.1.ppc64le.rpm
996b2ed9ffaaab3cacbb64d3b6c405d675ebd3681de3d84956305d775daf9b56
ppc64le
tigervnc-server-module-1.13.1-2.el8_9.7.alma.1.ppc64le.rpm
a7cd4b65bb0ed5e13210e7156c0e622c94fa58965d3efb7b21f86edc760f5ae9
s390x
tigervnc-server-minimal-1.13.1-2.el8_9.7.alma.1.s390x.rpm
27bcff896d7a5ed1c9098d86b4a66cdfb511f0e4f0e03f8eb3a2f87911065134
s390x
tigervnc-server-module-1.13.1-2.el8_9.7.alma.1.s390x.rpm
447164193aa0b1ff98c32e62b804ab2a7e498df259c6761b3d0f72e0da225779
s390x
tigervnc-server-1.13.1-2.el8_9.7.alma.1.s390x.rpm
49a80d15b0f7cdd36bf8c4c2f6d01b01e142190b9fa8c91f9a2556b804ac837c
s390x
tigervnc-1.13.1-2.el8_9.7.alma.1.s390x.rpm
7daaf6efc093341c70768e61361f56250eb73b9d5d08c29253243eaf24788126
x86_64
tigervnc-server-minimal-1.13.1-2.el8_9.7.alma.1.x86_64.rpm
25ce53490f34a67d6f8dbdbf5a7e80cce24ee41ea0f605c34de84b936bf43676
x86_64
tigervnc-1.13.1-2.el8_9.7.alma.1.x86_64.rpm
56026b8dd619cc84ed9d31d462ac41c7ab9ac32091b726b2eea9104be966a7c7
x86_64
tigervnc-server-1.13.1-2.el8_9.7.alma.1.x86_64.rpm
86b8f8bc208c95ceff1d53dd95e3e4c8709fda53d987e59037292eace56c5b03
x86_64
tigervnc-server-module-1.13.1-2.el8_9.7.alma.1.x86_64.rpm
f0d3c49494fe5094581c0e1a78d56b5cd9dfcee56447d9e5ae4d340eada510d0
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ID:
ALSA-2024:0608
Title:
ALSA-2024:0608 Important: firefox security update
Type:
security
Severity:
important
Release date:
2024-02-01
Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.7.0 ESR.
Security Fix(es):
* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
* Mozilla: Failure to update user input timestamp (CVE-2024-0742)
* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
* Mozilla: Privilege escalation through devtools (CVE-2024-0751)
* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755
RHSA-2024:0608
ALSA-2024:0608
Updated packages listed below:
Architecture
Package
Checksum
aarch64
firefox-115.7.0-1.el8_9.alma.1.aarch64.rpm
fe8e8d2259cf7c9fe43ae0e1d2eb5fce7fcd4bd6fb67715a90c5c47088a0b954
ppc64le
firefox-115.7.0-1.el8_9.alma.1.ppc64le.rpm
f51b02c24751bd59440172a619b08210f5431eb58336a2f96dcb1724d061e9e4
s390x
firefox-115.7.0-1.el8_9.alma.1.s390x.rpm
a3438086ed03b305db937a89ecad4ad400e44279a579661c3807e2fb1e93dc73
x86_64
firefox-115.7.0-1.el8_9.alma.1.x86_64.rpm
f5b663346e03b479dc533825b5b8f8a7959191f2245ed1c2bcf230a18d2c90ef
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ID:
ALSA-2024:0609
Title:
ALSA-2024:0609 Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2024-02-01
Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.7.0.
Security Fix(es):
* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
* Mozilla: Failure to update user input timestamp (CVE-2024-0742)
* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
* Mozilla: Privilege escalation through devtools (CVE-2024-0751)
* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755
RHSA-2024:0609
ALSA-2024:0609
Updated packages listed below:
Architecture
Package
Checksum
aarch64
thunderbird-115.7.0-1.el8_9.alma.plus.aarch64.rpm
a58a13417bf754e2b1d8cba0f8b6a5c0c6b0328322e42c4800b2389532e3938d
aarch64
thunderbird-115.7.0-1.el8_9.alma.1.aarch64.rpm
ec30eef07e61a3f2a7c89f73ee4b932885d2281a36fdb01f43ec8bb949086d6b
ppc64le
thunderbird-115.7.0-1.el8_9.alma.1.ppc64le.rpm
dc549ed52240bb6152c62cc9935372163c9e47903d0a985fe587df66c8a2c98e
ppc64le
thunderbird-115.7.0-1.el8_9.alma.plus.ppc64le.rpm
f56ac11f27f8ec5ef9feca7f1f5363a2026f4a6e316f08c58aad4507673159f7
s390x
thunderbird-115.7.0-1.el8_9.alma.plus.s390x.rpm
abfb7e60cb918397ab7df36b07d4c391de122828d0bbef2e5a6d8143c2d91143
s390x
thunderbird-115.7.0-1.el8_9.alma.1.s390x.rpm
d7da4891df32b6e6f8df5e082d351caf17d221236c167a91169f2694879432df
x86_64
thunderbird-115.7.0-1.el8_9.alma.plus.x86_64.rpm
0b32a093526ab7a09dc93d2ddb8c2470f767289e52d06889cf6bc6a6c46de846
x86_64
thunderbird-115.7.0-1.el8_9.alma.1.x86_64.rpm
2e6e0ba4bd4125c806a8bf3e6c182c11209586f7c9e172114cee2f3d6e9ba232
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ID:
ALSA-2024:0627
Title:
ALSA-2024:0627 Moderate: gnutls security update
Type:
security
Severity:
moderate
Release date:
2024-02-01
Description
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.
Security Fix(es):
* gnutls: incomplete fix for CVE-2023-5981 (CVE-2024-0553)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2024-0553
RHSA-2024:0627
ALSA-2024:0627
Updated packages listed below:
Architecture
Package
Checksum
aarch64
gnutls-devel-3.6.16-8.el8_9.1.aarch64.rpm
0dae666bc9ed7c4a0181efcabbe39d0231be12d0e5763b17462249dfb81fbbb2
aarch64
gnutls-dane-3.6.16-8.el8_9.1.aarch64.rpm
43de8157e5e823974b33343ffc1f3b89def69b6a4515067ffd6b6ccac6347c71
aarch64
gnutls-utils-3.6.16-8.el8_9.1.aarch64.rpm
4e2e3bf2b90d35a96654d11ebb143fb6d7cf5cba34e2eddc478ac6906f110fce
aarch64
gnutls-c++-3.6.16-8.el8_9.1.aarch64.rpm
db733e174f695787dc8330df208dc94f050ed372e0b795eb7647b6bb3789c309
aarch64
gnutls-3.6.16-8.el8_9.1.aarch64.rpm
dca49164c57019729440d0e04652d33dc3a42e552d8df66aff7f7ed4b9ebda02
i686
gnutls-3.6.16-8.el8_9.1.i686.rpm
6a99926cd65ab3fa92e16eebd15ddcc41c44b30bcee7f03c10f9dc9820836e6c
i686
gnutls-dane-3.6.16-8.el8_9.1.i686.rpm
6fc5639c492e3d00fb1c5e41bea625e89318facc65e5d0b2664272d882ceec28
i686
gnutls-devel-3.6.16-8.el8_9.1.i686.rpm
be65957f4c1d8e12be9a78edba14df18f7f56fc354373177444fdef4ac9768a8
i686
gnutls-c++-3.6.16-8.el8_9.1.i686.rpm
e83876ce7dade94dad24f7a657f9d7860ddbecebc0afc42bac704ae3d484b4a1
ppc64le
gnutls-devel-3.6.16-8.el8_9.1.ppc64le.rpm
25bac4a84474a99b439f9eaa4c129d5ba35f9f586d065b447820bc4d2f692623
ppc64le
gnutls-3.6.16-8.el8_9.1.ppc64le.rpm
808e750e3ddf3edca47535e45423a0f442ab8d914ad0925265019e4e025cb2c7
ppc64le
gnutls-c++-3.6.16-8.el8_9.1.ppc64le.rpm
c2927dda3c817e081e08dc7bf9718df815e765565441c05f2a7c10c3991e0e16
ppc64le
gnutls-utils-3.6.16-8.el8_9.1.ppc64le.rpm
d0ac5797014874eb27348629050739ec431ff776a04556f649c604e8cd02e36f
ppc64le
gnutls-dane-3.6.16-8.el8_9.1.ppc64le.rpm
f6dc320375591568fc8dc639bee298a4c73b2444fc015765958e2e07aa9a4ba1
s390x
gnutls-3.6.16-8.el8_9.1.s390x.rpm
0e8ff6c170c5720e12d36396af62ab666c236d7f42fac72e1c3d87cdf047d6de
s390x
gnutls-devel-3.6.16-8.el8_9.1.s390x.rpm
500121d3ebba3affdd218733038e888640c93fd19bcbe49ec98eecf18cce38e7
s390x
gnutls-c++-3.6.16-8.el8_9.1.s390x.rpm
77a4495f9386e91dcf6ada18be8c70d61e4a31d6d277bb43c1843678de56e817
s390x
gnutls-utils-3.6.16-8.el8_9.1.s390x.rpm
ebba9b31eb09c53080fd05d7e2a415d909f296de5e7c3f74549b63891a777f9c
s390x
gnutls-dane-3.6.16-8.el8_9.1.s390x.rpm
f05d12086579111148b9f5ea8565282d2b79a0cae8ec43fbd0a54b94037e7ae7
x86_64
gnutls-utils-3.6.16-8.el8_9.1.x86_64.rpm
4dbc5ad46ad357bc0f5c0d689bfaa7307eab0c13be3e719092be7084ad0a2e39
x86_64
gnutls-devel-3.6.16-8.el8_9.1.x86_64.rpm
8af3a23d4b0aeaebd78ba86ebd54eef7caf3166d6714b04b09145383794af0ea
x86_64
gnutls-dane-3.6.16-8.el8_9.1.x86_64.rpm
a53f7e3af9a3ad4471061cbd24370aeb41feb8e45b8e3b3e6a64b50383e3a962
x86_64
gnutls-3.6.16-8.el8_9.1.x86_64.rpm
baa16c8199bd5e9d3b48894df446aeff42c912ddffc47d1221573fc6edad694e
x86_64
gnutls-c++-3.6.16-8.el8_9.1.x86_64.rpm
e4f25ddc6239a6e9cdf094fe8d00c7627b77237b3a2b2e9f9cfa9999c40f0c57
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ID:
ALSA-2024:0628
Title:
ALSA-2024:0628 Moderate: libssh security update
Type:
security
Severity:
moderate
Release date:
2024-02-01
Description
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-48795
RHSA-2024:0628
ALSA-2024:0628
Updated packages listed below:
Architecture
Package
Checksum
aarch64
libssh-devel-0.9.6-13.el8_9.aarch64.rpm
2c08c39292bd837206b7688a9a73c2329de8fb41422c232dbb107e90fe8820b6
aarch64
libssh-0.9.6-13.el8_9.aarch64.rpm
d37fc5dccaa0ff5d37d82ff2d701a3d19012f2ae7a8fb618828c4036047eebc5
i686
libssh-devel-0.9.6-13.el8_9.i686.rpm
6b4a02b13b897ed713daed95518d15844a7a33e5434cbe7c8101ef10aac8d596
i686
libssh-0.9.6-13.el8_9.i686.rpm
bef5f96cecf7a2838b9b119247e1efd945ad3a45964bee22adf018d715541974
noarch
libssh-config-0.9.6-13.el8_9.noarch.rpm
cfdf81f189eabc99fefd79bc5787788d126945c6a163ac55b0b864bde101753a
ppc64le
libssh-devel-0.9.6-13.el8_9.ppc64le.rpm
90fb9ce81f99e82227ddbdfe8cda2ab8c933d64a1faedf4a76daccde1f06c131
ppc64le
libssh-0.9.6-13.el8_9.ppc64le.rpm
a50c61f52eb29d730612877d4136c61b4e1c0dae37688c1a473b45f3087d6f30
s390x
libssh-0.9.6-13.el8_9.s390x.rpm
8bddeb0bf0737db2bd597b9ef0c9b68d92e49cf1b47772c090b986a6f11ece4c
s390x
libssh-devel-0.9.6-13.el8_9.s390x.rpm
ba1ac8ba670ba30bd7ce03ae53bf17c8c0f06d6eb7bc3bad9dc8fde2a849c828
x86_64
libssh-0.9.6-13.el8_9.x86_64.rpm
d74f9db28b3c1516ea37485c31b921c7f5fd092254d40eccb09da99a802692a9
x86_64
libssh-devel-0.9.6-13.el8_9.x86_64.rpm
dcfbc0055e024f6a065033a1cf2aadad416cc9ce97a6a61ae5ac2abcfd9395ba
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ID:
ALSA-2024:0647
Title:
ALSA-2024:0647 Moderate: rpm security update
Type:
security
Severity:
moderate
Release date:
2024-02-01
Description
The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.
Security Fix(es):
* rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)
* rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)
* rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2021-35937
CVE-2021-35938
CVE-2021-35939
RHSA-2024:0647
ALSA-2024:0647
Updated packages listed below:
Architecture
Package
Checksum
aarch64
rpm-plugin-syslog-4.14.3-28.el8_9.aarch64.rpm
008d2d9e312b6b238c74562e282070842d622c5bbc0e71366c6d4f4881aae870
aarch64
python3-rpm-4.14.3-28.el8_9.aarch64.rpm
0b1426c24b0a82b76cb474f3ff02a3751e210765298d3cb46a00c1a5db3cdcff
aarch64
rpm-plugin-systemd-inhibit-4.14.3-28.el8_9.aarch64.rpm
226a55915388a0e2b603120563e354105a88915de20285f29611d924dae5b9a3
aarch64
rpm-plugin-prioreset-4.14.3-28.el8_9.aarch64.rpm
232db1ad33cf894559c4befc280f676b386054c9d81dcc7aca2cca28a74bc179
aarch64
rpm-plugin-ima-4.14.3-28.el8_9.aarch64.rpm
3791158f01859558812b489503899f78916aba0eba66e9ba310deabb3c7d7544
aarch64
rpm-libs-4.14.3-28.el8_9.aarch64.rpm
46a8560cc161c2bab541d690628fda80e32fa0c904452c0227d026dbfea12c3f
aarch64
rpm-devel-4.14.3-28.el8_9.aarch64.rpm
848eb11b3e70ff9d7c03b85ee2ec0534b1b7afa04236ee1dcfe6ae453c854f89
aarch64
rpm-plugin-selinux-4.14.3-28.el8_9.aarch64.rpm
8d7039a4bfdaae1f42cc8214ac9583a7780685b1378571132e9709a7be8e95ae
aarch64
rpm-build-4.14.3-28.el8_9.aarch64.rpm
a0585e8b9ac946a46ad39726dc085e04b34ede27d6f69aa60b932a1c8fb33bdd
aarch64
rpm-build-libs-4.14.3-28.el8_9.aarch64.rpm
a6fb1b14796a160b7cb58152b817a6b3bdcbc5f8fe4840c045862e955c9a321e
aarch64
rpm-sign-4.14.3-28.el8_9.aarch64.rpm
c1bb79630b5c61d013e0ea15e0e4cfa54e7c8a9e746d80d5f52f8a881b6f882b
aarch64
rpm-4.14.3-28.el8_9.aarch64.rpm
c497cb01ffaac92ad0c6288a802f9b01e2d19f61671fb8cdc6625eee6fcd7412
aarch64
rpm-plugin-fapolicyd-4.14.3-28.el8_9.aarch64.rpm
df75ebe7d8b7a7b89be6ebe647a1ea8b552346dc745f4cd090856f28faea1761
i686
rpm-libs-4.14.3-28.el8_9.i686.rpm
41f54632b4a954242bad6b7f7f74bc910a31e82a36716557fe95a21842be855e
i686
rpm-build-libs-4.14.3-28.el8_9.i686.rpm
a4823d6282455466862db8bc51a24bc3da05c46ed56d12941b4bfa1388166139
i686
rpm-devel-4.14.3-28.el8_9.i686.rpm
c3fbe61a9677d5c769b997e6e469e61dcf4a7e3c520eca97d45e53afb70cea21
noarch
rpm-cron-4.14.3-28.el8_9.noarch.rpm
d3525e308817e4b123ee50f4208b77d9f8a7f6dcb71ed9b6551e9e8dfb9d3ef3
noarch
rpm-apidocs-4.14.3-28.el8_9.noarch.rpm
e6274c645a5490182f49716db9e1fde2e8ed892061be655959173f707e3ab6d4
ppc64le
python3-rpm-4.14.3-28.el8_9.ppc64le.rpm
034b44f1f74c6cbead48778bd973da55ee21b9c7883c1bf9369bb523d963540d
ppc64le
rpm-plugin-ima-4.14.3-28.el8_9.ppc64le.rpm
1a51c4b9c936b89aee319862da4ccd2b8af645e9bc2303a9df36c2ced570ec6a
ppc64le
rpm-sign-4.14.3-28.el8_9.ppc64le.rpm
20821de14d2268ccb0709d8c41cd84bc5c3ea07616313074510216e79093e1ec
ppc64le
rpm-libs-4.14.3-28.el8_9.ppc64le.rpm
21bf68c89b7125f69d275e33141619ac3298dd8acd0922d682e2a846aa8db705
ppc64le
rpm-build-libs-4.14.3-28.el8_9.ppc64le.rpm
39f94c90e4847576804bb937226fd40d92c4302e0c22ca71e2005c2ce7d194d2
ppc64le
rpm-plugin-selinux-4.14.3-28.el8_9.ppc64le.rpm
4c8ee4d493ca7b0077d7829285e50621f6f0580ea6fd9e05a8dacfeb9140f211
ppc64le
rpm-devel-4.14.3-28.el8_9.ppc64le.rpm
5faf00405701bfe76836c78c4bb82aa2df820245d18bc1f03e123d6e04cc2018
ppc64le
rpm-plugin-systemd-inhibit-4.14.3-28.el8_9.ppc64le.rpm
83df1b776dd7f0c703ba5a38f42ed042bdb041fbbac6c11e5fcdb7e40d8e63ed
ppc64le
rpm-build-4.14.3-28.el8_9.ppc64le.rpm
a04b94656f9c559e47ead3cb69eb14ef33fa0e6033d96918189a415e0389a1a1
ppc64le
rpm-plugin-syslog-4.14.3-28.el8_9.ppc64le.rpm
b09bb4405c8e26cb99f4a543e936b42d5b8846ffdea0795bb14498aa16d74512
ppc64le
rpm-4.14.3-28.el8_9.ppc64le.rpm
c46d112cc670bd8f82bc0822ae821ad3b746b1966dc90622ed231b2ad0979224
ppc64le
rpm-plugin-prioreset-4.14.3-28.el8_9.ppc64le.rpm
e754e3687726ab1b1488acefaa20c063cfada7946c13c679477546f58e720ecd
ppc64le
rpm-plugin-fapolicyd-4.14.3-28.el8_9.ppc64le.rpm
ece6a526f4d357f2f8027f9b59875cb8c69b191b81d448b247a6ec8f44955ce6
s390x
rpm-libs-4.14.3-28.el8_9.s390x.rpm
328fedb47f66315f67d77e1c25cb826b7458444bc1c0e88b7d3664ec4cf0d436
s390x
python3-rpm-4.14.3-28.el8_9.s390x.rpm
40e8640c98d4f3667b73947aafdfa7fe8aa4255b30eb4cb26ccc73db3668385d
s390x
rpm-plugin-fapolicyd-4.14.3-28.el8_9.s390x.rpm
6ea136940bf272bdeb759ab22a1dd6b1ec9ff31844217b34ff90495ec427242c
s390x
rpm-plugin-syslog-4.14.3-28.el8_9.s390x.rpm
70785421c811ad4553f37889ae317bb70c122b144415fa5f69f7d6cfc59a3f5c
s390x
rpm-plugin-prioreset-4.14.3-28.el8_9.s390x.rpm
764f8abbbe85e4c88bf534448365dde476634a0c0220ca574eea39c7b13701f7
s390x
rpm-devel-4.14.3-28.el8_9.s390x.rpm
7f89f472c32fd38cec31231840f9ef4158cb57025f91f19e6429b3136729413d
s390x
rpm-build-libs-4.14.3-28.el8_9.s390x.rpm
90da078eb1b84da7d9c76f56f89a605791efd6e9d10f5445706262c19f5779ba
s390x
rpm-plugin-ima-4.14.3-28.el8_9.s390x.rpm
a0d7c6311d3a60598e6d9aa9ea433b6e2fd33d214e7229a1dc5ae3004aedc547
s390x
rpm-plugin-selinux-4.14.3-28.el8_9.s390x.rpm
b5e48527409ddd65a9148109f51979c902500ec1868428bf65d148c2cf228ec5
s390x
rpm-sign-4.14.3-28.el8_9.s390x.rpm
ce38843c9fce371bf49f5c83fbb74fb6fed67d526cffaf50060cb6b0130c41cf
s390x
rpm-build-4.14.3-28.el8_9.s390x.rpm
d70473a816105f5da769faedd9ec32261c1fc215e1bd83045de935e970f92543
s390x
rpm-4.14.3-28.el8_9.s390x.rpm
e94538c4de6e04f9923fdd5faf3d51bbb3f9d485039bb66ab2cd97958081db7a
s390x
rpm-plugin-systemd-inhibit-4.14.3-28.el8_9.s390x.rpm
f7f05ad2f89aec0fc6435b69e7f5e4c65411150397a7e116d23083127cfd1f02
x86_64
rpm-devel-4.14.3-28.el8_9.x86_64.rpm
0ec1c3f3f36a1c47b1d9224918e65168c83310b0e7bb910c7516aecf607e54d9
x86_64
rpm-build-4.14.3-28.el8_9.x86_64.rpm
2f9eb08af9f8e7dee66b5490127add4501bf731493b283ea6bc5aa0041678d50
x86_64
rpm-plugin-selinux-4.14.3-28.el8_9.x86_64.rpm
3746f081fcb567dc42bd844378018fb6f90b2498297627ea49ff5b2d38ce46f9
x86_64
rpm-sign-4.14.3-28.el8_9.x86_64.rpm
39d5d8b935d481c8aaee19a3c30c06631c0193220ff6f8420099c34352660a20
x86_64
python3-rpm-4.14.3-28.el8_9.x86_64.rpm
3eeb3e36082832137f0a85ec5d43c54c6d2fbc913bb3a3350427f060847744dd
x86_64
rpm-plugin-ima-4.14.3-28.el8_9.x86_64.rpm
3ff4395362bc1d69771255550d418c59bffaf128636fc33befacb2c01bc10acc
x86_64
rpm-4.14.3-28.el8_9.x86_64.rpm
523e7b7f75e3897e2172685872f83d81e58da017157e7f41f8b80fc138458768
x86_64
rpm-build-libs-4.14.3-28.el8_9.x86_64.rpm
560f1725520d7a2e5f34fdd2bdac02be656edb7af5096232b7c4ece66640fb39
x86_64
rpm-plugin-fapolicyd-4.14.3-28.el8_9.x86_64.rpm
9ab65fc394897f836f82e556929f9178bee6e03e226551785bdb86d31b1f362a
x86_64
rpm-plugin-prioreset-4.14.3-28.el8_9.x86_64.rpm
9c24767879771c6efda2cb08c6e2d6bf6f06903aaf7ae43beedd470576c1d50c
x86_64
rpm-plugin-syslog-4.14.3-28.el8_9.x86_64.rpm
b8913830f6a9113df4ffed910ea019c055a4a2c7afd619d708427a1316975c7b
x86_64
rpm-libs-4.14.3-28.el8_9.x86_64.rpm
baed71544ef3eaa93a688bf00f4d08ce7270382b60c0796d0df42be3df1bdd8e
x86_64
rpm-plugin-systemd-inhibit-4.14.3-28.el8_9.x86_64.rpm
ff0af39f969500be227e500dab6e94678b986586bf494d47a81f0ee4d062db9d
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ID:
ALSA-2024:0670
Title:
ALSA-2024:0670 Important: runc security update
Type:
security
Severity:
important
Release date:
2024-02-06
Description
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.
Security Fix(es):
* runc: file descriptor leak (CVE-2024-21626)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2024-21626
RHSA-2024:0670
ALSA-2024:0670
Updated packages listed below:
Architecture
Package
Checksum
aarch64
runc-1.1.12-1.el9_3.aarch64.rpm
81740a163e424f529b4f2dab680d508beb333586895ed2b6f7f2b41efd5b3a2c
ppc64le
runc-1.1.12-1.el9_3.ppc64le.rpm
9a451a5d18c35b10f7318ac5d25f7078482f16e769db0db5a32a8f58f648e5c2
s390x
runc-1.1.12-1.el9_3.s390x.rpm
f8c331ea18cacefc669223a486131daeb5db5675c134933f068c79322ac173ae
x86_64
runc-1.1.12-1.el9_3.x86_64.rpm
e0ad2fed169a4faed8b3fc60fd6116c7114c7640cf986268e4ac28ec3dda0082
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0557 Important: tigervnc security update
ALSA-2024:0602 Important: thunderbird security update
ALSA-2024:0603 Important: firefox security update
ALSA-2024:0606 Moderate: openssh security update
ALSA-2024:0607 Important: tigervnc security update
ALSA-2024:0608 Important: firefox security update
ALSA-2024:0609 Important: thunderbird security update
ALSA-2024:0627 Moderate: gnutls security update
ALSA-2024:0628 Moderate: libssh security update
ALSA-2024:0647 Moderate: rpm security update
ALSA-2024:0670 Important: runc security update
ALSA-2024:0557 Important: tigervnc security update
ID:
ALSA-2024:0557
Title:
ALSA-2024:0557 Important: tigervnc security update
Type:
security
Severity:
important
Release date:
2024-01-31
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)
* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)
* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)
* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-6816
CVE-2024-0229
CVE-2024-21885
CVE-2024-21886
RHSA-2024:0557
ALSA-2024:0557
Updated packages listed below:
Architecture
Package
Checksum
aarch64
tigervnc-1.13.1-3.el9_3.6.alma.1.aarch64.rpm
41a1056ea4b27a05eea406dbe51fa4ded91cf8a4c8be1c2a2a471a54ad05182f
aarch64
tigervnc-server-1.13.1-3.el9_3.6.alma.1.aarch64.rpm
7db025f9a19a4b3f9faf4b63154b58c823dd177ec59a71eb6c8a242c278941e8
aarch64
tigervnc-server-module-1.13.1-3.el9_3.6.alma.1.aarch64.rpm
ea549ec6b77c382a8f29177cfea3aeb9a1e3199bb80ad492c10b3d0e2bbc571c
aarch64
tigervnc-server-minimal-1.13.1-3.el9_3.6.alma.1.aarch64.rpm
fd9e0e4168ad3f0fbdc9b7bc92c237fef1bf2d673b61878d5e41792ef756e15c
noarch
tigervnc-license-1.13.1-3.el9_3.6.alma.1.noarch.rpm
4c5f5ac26ea3fd5c86eb2a2ead5617a4c3afeab2d61239ba0e4144a6fc242cf9
noarch
tigervnc-icons-1.13.1-3.el9_3.6.alma.1.noarch.rpm
e1af8361e82b513ee2f2fbbbd88156a499467cba27ddc1423e92d94293cbe255
noarch
tigervnc-selinux-1.13.1-3.el9_3.6.alma.1.noarch.rpm
fec12fd04cc7d5cc50381ca18c190ad46a5cc938f296f16e3b6aa24d17e75b07
ppc64le
tigervnc-server-1.13.1-3.el9_3.6.alma.1.ppc64le.rpm
79d02a1e21a26d2ac9b786d2303a40f1ec3f3dca8d3a47bbdad199c1f31198f0
ppc64le
tigervnc-server-module-1.13.1-3.el9_3.6.alma.1.ppc64le.rpm
cdab811582754693638dcb51362aa05c2b684e7f1254c80304066c8bf1e3c0a1
ppc64le
tigervnc-server-minimal-1.13.1-3.el9_3.6.alma.1.ppc64le.rpm
dfdc38ccdc06cf996a3265c1572bb8e9800ea0f9a373b40c8b1d78e4f27533b1
ppc64le
tigervnc-1.13.1-3.el9_3.6.alma.1.ppc64le.rpm
ecd79ed125a0a8f4525aa50ab5319f409047c4203c30c73bebb738b475af0736
s390x
tigervnc-server-minimal-1.13.1-3.el9_3.6.alma.1.s390x.rpm
37a7e49a4ec628e53a1c6565a241f42b668dafa4a94e9eeb382feb9582902cfc
s390x
tigervnc-server-module-1.13.1-3.el9_3.6.alma.1.s390x.rpm
38b9f15bd0dd8c2ccbffd78e6782f48955e1b677abd4631df54a3f579158d699
s390x
tigervnc-1.13.1-3.el9_3.6.alma.1.s390x.rpm
92ab66d538f7f9d3624d325038fcbc68517e1a50cd45dc7296732f4372e8bc26
s390x
tigervnc-server-1.13.1-3.el9_3.6.alma.1.s390x.rpm
b01643eeeba766695c35591505be40bcd0a16772baab2b4ed4712dc5b074035a
x86_64
tigervnc-1.13.1-3.el9_3.6.alma.1.x86_64.rpm
16cde6196c0123c6102b12dd140445a956efcbe52714d96519a35a54938e8130
x86_64
tigervnc-server-1.13.1-3.el9_3.6.alma.1.x86_64.rpm
512e928edcca8d3e3028aeaf75f74389c9d303ab4e796e3d0f03e6c7926942ef
x86_64
tigervnc-server-minimal-1.13.1-3.el9_3.6.alma.1.x86_64.rpm
592244a12046c8082930bb15fc3eb288a08d92e9c0ac9939bb8f9cbcd2cbfaa3
x86_64
tigervnc-server-module-1.13.1-3.el9_3.6.alma.1.x86_64.rpm
bdbe935bd5f004c2e161e50651be455fccb0a5eac8821331bb7f86a77b6b5e52
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0557 Important: tigervnc security update
ALSA-2024:0602 Important: thunderbird security update
ID:
ALSA-2024:0602
Title:
ALSA-2024:0602 Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2024-02-01
Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.7.0.
Security Fix(es):
* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
* Mozilla: Failure to update user input timestamp (CVE-2024-0742)
* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
* Mozilla: Privilege escalation through devtools (CVE-2024-0751)
* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755
RHSA-2024:0602
ALSA-2024:0602
Updated packages listed below:
Architecture
Package
Checksum
aarch64
thunderbird-115.7.0-1.el9_3.alma.aarch64.rpm
c7268d83fbd8bf66c13d0fb205d25d89ac26eb9ccf6c52c7e697a337e049cf03
aarch64
thunderbird-115.7.0-1.el9_3.alma.plus.aarch64.rpm
cb4dd06154ec44451e99904355071628c23c20da2240fd957b772ca9edb1e4ac
ppc64le
thunderbird-115.7.0-1.el9_3.alma.ppc64le.rpm
bd441b5e20ade6537617f338bd717e48b240f0acd436f7315c6d591e85f96c43
ppc64le
thunderbird-115.7.0-1.el9_3.alma.plus.ppc64le.rpm
dc058000a8e9da942d8795958b0e7d73e84cf5162fa3d13cdf1f4a0e0f9cc78a
s390x
thunderbird-115.7.0-1.el9_3.alma.s390x.rpm
5f95146cb536f7bd21fa676f0555a8b23533fb2a48e705c7463d6a03cfbdead2
s390x
thunderbird-115.7.0-1.el9_3.alma.plus.s390x.rpm
fe42306b33ea37d882095a90d44a20c55ac3b7afad4afb2866e4625ed090d6b7
x86_64
thunderbird-115.7.0-1.el9_3.alma.x86_64.rpm
06b7955fcd7b1ae70536c401e6de21a07c166aa788697bc0909f803711465a43
x86_64
thunderbird-115.7.0-1.el9_3.alma.plus.x86_64.rpm
285f185f308b4674f965a5385f8278f82be7f3f18515b2d25ed866f7828b0f2c
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0602 Important: thunderbird security update
ALSA-2024:0603 Important: firefox security update
ID:
ALSA-2024:0603
Title:
ALSA-2024:0603 Important: firefox security update
Type:
security
Severity:
important
Release date:
2024-02-01
Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.7.0 ESR.
Security Fix(es):
* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
* Mozilla: Failure to update user input timestamp (CVE-2024-0742)
* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
* Mozilla: Privilege escalation through devtools (CVE-2024-0751)
* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755
RHSA-2024:0603
ALSA-2024:0603
Updated packages listed below:
Architecture
Package
Checksum
aarch64
firefox-115.7.0-1.el9_3.alma.aarch64.rpm
abc2d85a1051398961074e859c1bde1b8167b5bd753a812b201bdf707f4b80ab
aarch64
firefox-x11-115.7.0-1.el9_3.alma.aarch64.rpm
c293687150213ba83497bc6f4396e5aba0fd724025d08a3e99f396edde63ffe7
ppc64le
firefox-x11-115.7.0-1.el9_3.alma.ppc64le.rpm
a058c3cdab6fe9ef59c29f0d9a9f1b92201a80aa636499cf322853b9d7a970a6
ppc64le
firefox-115.7.0-1.el9_3.alma.ppc64le.rpm
af23e460e015546702c8e7fae418bb3c57e2929c7fdeffc030e5045e2705adfb
s390x
firefox-x11-115.7.0-1.el9_3.alma.s390x.rpm
096fd35b51b3ebc162fb9f05584c9b706ccdbd4a726489c44d8b1c121fb2b6d9
s390x
firefox-115.7.0-1.el9_3.alma.s390x.rpm
6f585401036e31b1013f43f0c5e948caa84d6075f96a9e22ec8f421acba17fbd
x86_64
firefox-x11-115.7.0-1.el9_3.alma.x86_64.rpm
17e694fabb4bef0fcdb5c5c06ce4642687918d40fbfb01a2ffc4506e7d4a95ca
x86_64
firefox-115.7.0-1.el9_3.alma.x86_64.rpm
b4ae85dc027028dfd57a0355a986bb78e15207322ac30a0587a6e58434bc2f00
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0603 Important: firefox security update
ALSA-2024:0606 Moderate: openssh security update
ID:
ALSA-2024:0606
Title:
ALSA-2024:0606 Moderate: openssh security update
Type:
security
Severity:
moderate
Release date:
2024-01-31
Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
* openssh: potential command injection via shell metacharacters (CVE-2023-51385)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-48795
CVE-2023-51385
RHSA-2024:0606
ALSA-2024:0606
Updated packages listed below:
Architecture
Package
Checksum
aarch64
openssh-clients-8.0p1-19.el8_9.2.aarch64.rpm
0c0405a2ab61a34ba52a2b4c1e63c3b3ae60dd5e68cca6ce9d6342137461676e
aarch64
openssh-cavs-8.0p1-19.el8_9.2.aarch64.rpm
6131d47f0b5cbc0129056ed6349cc7f75046c410501d6b6a0982591b2ec7a159
aarch64
openssh-ldap-8.0p1-19.el8_9.2.aarch64.rpm
6e27fe8308776b15cc4bdec0153b27f20ec63870f7d471f4525a8415598d47d3
aarch64
openssh-server-8.0p1-19.el8_9.2.aarch64.rpm
70658efe495a4c8442c2cb52f7524877ebb12276c70672b5103a8ef8ef48de7f
aarch64
openssh-askpass-8.0p1-19.el8_9.2.aarch64.rpm
793fadb5d53d6b693d7ff1cf4ccf849d6ebab14ccac0cd506b7f88ee13d29a90
aarch64
openssh-8.0p1-19.el8_9.2.aarch64.rpm
8ef2ce0053ad48851ea3afa73749283a439c602c9340a4b4e45213e56268dad0
aarch64
pam_ssh_agent_auth-0.10.3-7.19.el8_9.2.aarch64.rpm
9c6b917e73600e98487bf45f17e761d9c8d731e1e005105860b0d53439861a97
aarch64
openssh-keycat-8.0p1-19.el8_9.2.aarch64.rpm
f9e102ed8b436509ae4ca5977e5f8c87a5bbf241a81902fc19c0e5bbd2c548ff
ppc64le
openssh-keycat-8.0p1-19.el8_9.2.ppc64le.rpm
0865cec118c71a01d693c27aca19569837dd18e61c8de82f1bc8974893b151dd
ppc64le
openssh-8.0p1-19.el8_9.2.ppc64le.rpm
1bff0654b186f7ad3fb843ad9d8418cf1ea2a8f08858efc35618e8dc6cf71aec
ppc64le
openssh-askpass-8.0p1-19.el8_9.2.ppc64le.rpm
23ffd81cfaf69f26834e9fbb3fe2f4b1f3090e8b5eca4ba53d33aab77e871de0
ppc64le
openssh-cavs-8.0p1-19.el8_9.2.ppc64le.rpm
7863968d2d5af1ff2c324ab3393196b0fca494b1cf51627425fa55e3a72c18f8
ppc64le
openssh-ldap-8.0p1-19.el8_9.2.ppc64le.rpm
b22a60fed625f372adf7f834e06d384cdfed8e58bccf1e32d201c40d1425aedb
ppc64le
openssh-server-8.0p1-19.el8_9.2.ppc64le.rpm
c286e252a66c8567214524ed8b30e62d53cc737ad513128d17e77c31595e2376
ppc64le
pam_ssh_agent_auth-0.10.3-7.19.el8_9.2.ppc64le.rpm
f68ae5b2ba14f198b1de8eca9a3b273ff5b3c9eef6a0124cb351e7c15a34c30b
ppc64le
openssh-clients-8.0p1-19.el8_9.2.ppc64le.rpm
fdcbe84d95d04260fdcbf1c7d8e8877ae66ee828e63f1e573a2983e06a05e42f
s390x
openssh-ldap-8.0p1-19.el8_9.2.s390x.rpm
4372aa95600584df9b139404b2d9063f589f8822162485e79b5667b0baf5bddc
s390x
openssh-server-8.0p1-19.el8_9.2.s390x.rpm
50621ed93920e66b206f6dce8905d86ffa1b3608ca0954c2b4efcd6281c80cdc
s390x
openssh-cavs-8.0p1-19.el8_9.2.s390x.rpm
52a825d267990593789f87e17d939edae3c6bc00e642c754e0d9b32bc659c434
s390x
openssh-clients-8.0p1-19.el8_9.2.s390x.rpm
7d0daff30c182c7c5d539773778eebad925591b24deb997a2a066126e51ded95
s390x
pam_ssh_agent_auth-0.10.3-7.19.el8_9.2.s390x.rpm
a584eb479f96748eab0029bbd4e20f53db384575511961a51e2024ad766f9583
s390x
openssh-8.0p1-19.el8_9.2.s390x.rpm
b2cd7da52dc8468ba1866bec643d975a254e46bed75e1e14f602464b65763009
s390x
openssh-keycat-8.0p1-19.el8_9.2.s390x.rpm
c1441055789e6b214145a230336830e10bc201488126b635ede36b873cb7ca66
s390x
openssh-askpass-8.0p1-19.el8_9.2.s390x.rpm
e2469a8a10496196e335b0449ebda83cffc9f4b27799585c6c5f5d158fbf380d
x86_64
openssh-cavs-8.0p1-19.el8_9.2.x86_64.rpm
2a001b6e918caef30bc528bac72a755caa08a562a8d6ba24d58a5e6d68d99f9d
x86_64
pam_ssh_agent_auth-0.10.3-7.19.el8_9.2.x86_64.rpm
53a8a13a560fe0e114175cc0bdd7e6cc26fa49c4f45ac57048bd548a11bbb69f
x86_64
openssh-clients-8.0p1-19.el8_9.2.x86_64.rpm
54006c9670b980ebf37f3d9afa6c55cd21b2f7a4e52b4103bc49f1125d81f933
x86_64
openssh-askpass-8.0p1-19.el8_9.2.x86_64.rpm
9e8f59a2ba14c15b29e64b7fd6f840c5a800a595362063578c6d7f047871a8fe
x86_64
openssh-server-8.0p1-19.el8_9.2.x86_64.rpm
a6980838e3a9550e4bd436a8052ec64954b3b27758c23a654cb6c67dc8c83428
x86_64
openssh-keycat-8.0p1-19.el8_9.2.x86_64.rpm
aa8390b928866e7100f3e0e7da38c05e34f286b9ee15b3914bcdf9ffe5d02fae
x86_64
openssh-8.0p1-19.el8_9.2.x86_64.rpm
c05724680b503f7224450853ca38ab10459e356eb5a1d8d11fa7689ce4f4ebe3
x86_64
openssh-ldap-8.0p1-19.el8_9.2.x86_64.rpm
c26b62d5fd9ec3020292f41188dc82a4a26bbe16c4d01bca0c50f2e83ca89dad
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0606 Moderate: openssh security update
ALSA-2024:0607 Important: tigervnc security update
ID:
ALSA-2024:0607
Title:
ALSA-2024:0607 Important: tigervnc security update
Type:
security
Severity:
important
Release date:
2024-01-31
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)
* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)
* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)
* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-6816
CVE-2024-0229
CVE-2024-21885
CVE-2024-21886
RHSA-2024:0607
ALSA-2024:0607
Updated packages listed below:
Architecture
Package
Checksum
aarch64
tigervnc-server-1.13.1-2.el8_9.7.alma.1.aarch64.rpm
31c77b7c23eddb54076f2562ac1e3c55b66f1662240c63e742322771338a6cb0
aarch64
tigervnc-server-module-1.13.1-2.el8_9.7.alma.1.aarch64.rpm
4bb8a9660f08de4339a934edbf8009c747515bf2cc1b4f6601a738e92fe0f91d
aarch64
tigervnc-server-minimal-1.13.1-2.el8_9.7.alma.1.aarch64.rpm
8a27c5fc340b79f39003f93197271a7fedeef7ce97c39492ed8aa791aeefa31b
aarch64
tigervnc-1.13.1-2.el8_9.7.alma.1.aarch64.rpm
b958e79b8fe965e5a30177d83fea4b92cd6de4972cd19e0a338a0667755d3629
noarch
tigervnc-icons-1.13.1-2.el8_9.7.alma.1.noarch.rpm
690135ab868a3f2ec8c9779a5b3c12c453e96dc806febe6416dbeefc2d7120c1
noarch
tigervnc-license-1.13.1-2.el8_9.7.alma.1.noarch.rpm
8bff591ce0c81224114bbf3bbbad1bb8064af6afabfaf3bad3c7e7dd1b40ab76
noarch
tigervnc-selinux-1.13.1-2.el8_9.7.alma.1.noarch.rpm
aadc517b4dd07c9e83ab5d3db642178b0041b682a19db2fac97a43a383fe2b64
ppc64le
tigervnc-server-minimal-1.13.1-2.el8_9.7.alma.1.ppc64le.rpm
324b6443f79321181c49dfde46649fa51e7506a9f527796f18ba8664eb4e3aba
ppc64le
tigervnc-1.13.1-2.el8_9.7.alma.1.ppc64le.rpm
909ff1104bdd8faf529d500d9b1ac5e1828812ab2541b64f330594f5bcc14614
ppc64le
tigervnc-server-1.13.1-2.el8_9.7.alma.1.ppc64le.rpm
996b2ed9ffaaab3cacbb64d3b6c405d675ebd3681de3d84956305d775daf9b56
ppc64le
tigervnc-server-module-1.13.1-2.el8_9.7.alma.1.ppc64le.rpm
a7cd4b65bb0ed5e13210e7156c0e622c94fa58965d3efb7b21f86edc760f5ae9
s390x
tigervnc-server-minimal-1.13.1-2.el8_9.7.alma.1.s390x.rpm
27bcff896d7a5ed1c9098d86b4a66cdfb511f0e4f0e03f8eb3a2f87911065134
s390x
tigervnc-server-module-1.13.1-2.el8_9.7.alma.1.s390x.rpm
447164193aa0b1ff98c32e62b804ab2a7e498df259c6761b3d0f72e0da225779
s390x
tigervnc-server-1.13.1-2.el8_9.7.alma.1.s390x.rpm
49a80d15b0f7cdd36bf8c4c2f6d01b01e142190b9fa8c91f9a2556b804ac837c
s390x
tigervnc-1.13.1-2.el8_9.7.alma.1.s390x.rpm
7daaf6efc093341c70768e61361f56250eb73b9d5d08c29253243eaf24788126
x86_64
tigervnc-server-minimal-1.13.1-2.el8_9.7.alma.1.x86_64.rpm
25ce53490f34a67d6f8dbdbf5a7e80cce24ee41ea0f605c34de84b936bf43676
x86_64
tigervnc-1.13.1-2.el8_9.7.alma.1.x86_64.rpm
56026b8dd619cc84ed9d31d462ac41c7ab9ac32091b726b2eea9104be966a7c7
x86_64
tigervnc-server-1.13.1-2.el8_9.7.alma.1.x86_64.rpm
86b8f8bc208c95ceff1d53dd95e3e4c8709fda53d987e59037292eace56c5b03
x86_64
tigervnc-server-module-1.13.1-2.el8_9.7.alma.1.x86_64.rpm
f0d3c49494fe5094581c0e1a78d56b5cd9dfcee56447d9e5ae4d340eada510d0
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0607 Important: tigervnc security update
ALSA-2024:0608 Important: firefox security update
ID:
ALSA-2024:0608
Title:
ALSA-2024:0608 Important: firefox security update
Type:
security
Severity:
important
Release date:
2024-02-01
Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.7.0 ESR.
Security Fix(es):
* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
* Mozilla: Failure to update user input timestamp (CVE-2024-0742)
* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
* Mozilla: Privilege escalation through devtools (CVE-2024-0751)
* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755
RHSA-2024:0608
ALSA-2024:0608
Updated packages listed below:
Architecture
Package
Checksum
aarch64
firefox-115.7.0-1.el8_9.alma.1.aarch64.rpm
fe8e8d2259cf7c9fe43ae0e1d2eb5fce7fcd4bd6fb67715a90c5c47088a0b954
ppc64le
firefox-115.7.0-1.el8_9.alma.1.ppc64le.rpm
f51b02c24751bd59440172a619b08210f5431eb58336a2f96dcb1724d061e9e4
s390x
firefox-115.7.0-1.el8_9.alma.1.s390x.rpm
a3438086ed03b305db937a89ecad4ad400e44279a579661c3807e2fb1e93dc73
x86_64
firefox-115.7.0-1.el8_9.alma.1.x86_64.rpm
f5b663346e03b479dc533825b5b8f8a7959191f2245ed1c2bcf230a18d2c90ef
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0608 Important: firefox security update
ALSA-2024:0609 Important: thunderbird security update
ID:
ALSA-2024:0609
Title:
ALSA-2024:0609 Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2024-02-01
Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.7.0.
Security Fix(es):
* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
* Mozilla: Failure to update user input timestamp (CVE-2024-0742)
* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
* Mozilla: Privilege escalation through devtools (CVE-2024-0751)
* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2024-0741
CVE-2024-0742
CVE-2024-0746
CVE-2024-0747
CVE-2024-0749
CVE-2024-0750
CVE-2024-0751
CVE-2024-0753
CVE-2024-0755
RHSA-2024:0609
ALSA-2024:0609
Updated packages listed below:
Architecture
Package
Checksum
aarch64
thunderbird-115.7.0-1.el8_9.alma.plus.aarch64.rpm
a58a13417bf754e2b1d8cba0f8b6a5c0c6b0328322e42c4800b2389532e3938d
aarch64
thunderbird-115.7.0-1.el8_9.alma.1.aarch64.rpm
ec30eef07e61a3f2a7c89f73ee4b932885d2281a36fdb01f43ec8bb949086d6b
ppc64le
thunderbird-115.7.0-1.el8_9.alma.1.ppc64le.rpm
dc549ed52240bb6152c62cc9935372163c9e47903d0a985fe587df66c8a2c98e
ppc64le
thunderbird-115.7.0-1.el8_9.alma.plus.ppc64le.rpm
f56ac11f27f8ec5ef9feca7f1f5363a2026f4a6e316f08c58aad4507673159f7
s390x
thunderbird-115.7.0-1.el8_9.alma.plus.s390x.rpm
abfb7e60cb918397ab7df36b07d4c391de122828d0bbef2e5a6d8143c2d91143
s390x
thunderbird-115.7.0-1.el8_9.alma.1.s390x.rpm
d7da4891df32b6e6f8df5e082d351caf17d221236c167a91169f2694879432df
x86_64
thunderbird-115.7.0-1.el8_9.alma.plus.x86_64.rpm
0b32a093526ab7a09dc93d2ddb8c2470f767289e52d06889cf6bc6a6c46de846
x86_64
thunderbird-115.7.0-1.el8_9.alma.1.x86_64.rpm
2e6e0ba4bd4125c806a8bf3e6c182c11209586f7c9e172114cee2f3d6e9ba232
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0609 Important: thunderbird security update
ALSA-2024:0627 Moderate: gnutls security update
ID:
ALSA-2024:0627
Title:
ALSA-2024:0627 Moderate: gnutls security update
Type:
security
Severity:
moderate
Release date:
2024-02-01
Description
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.
Security Fix(es):
* gnutls: incomplete fix for CVE-2023-5981 (CVE-2024-0553)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2024-0553
RHSA-2024:0627
ALSA-2024:0627
Updated packages listed below:
Architecture
Package
Checksum
aarch64
gnutls-devel-3.6.16-8.el8_9.1.aarch64.rpm
0dae666bc9ed7c4a0181efcabbe39d0231be12d0e5763b17462249dfb81fbbb2
aarch64
gnutls-dane-3.6.16-8.el8_9.1.aarch64.rpm
43de8157e5e823974b33343ffc1f3b89def69b6a4515067ffd6b6ccac6347c71
aarch64
gnutls-utils-3.6.16-8.el8_9.1.aarch64.rpm
4e2e3bf2b90d35a96654d11ebb143fb6d7cf5cba34e2eddc478ac6906f110fce
aarch64
gnutls-c++-3.6.16-8.el8_9.1.aarch64.rpm
db733e174f695787dc8330df208dc94f050ed372e0b795eb7647b6bb3789c309
aarch64
gnutls-3.6.16-8.el8_9.1.aarch64.rpm
dca49164c57019729440d0e04652d33dc3a42e552d8df66aff7f7ed4b9ebda02
i686
gnutls-3.6.16-8.el8_9.1.i686.rpm
6a99926cd65ab3fa92e16eebd15ddcc41c44b30bcee7f03c10f9dc9820836e6c
i686
gnutls-dane-3.6.16-8.el8_9.1.i686.rpm
6fc5639c492e3d00fb1c5e41bea625e89318facc65e5d0b2664272d882ceec28
i686
gnutls-devel-3.6.16-8.el8_9.1.i686.rpm
be65957f4c1d8e12be9a78edba14df18f7f56fc354373177444fdef4ac9768a8
i686
gnutls-c++-3.6.16-8.el8_9.1.i686.rpm
e83876ce7dade94dad24f7a657f9d7860ddbecebc0afc42bac704ae3d484b4a1
ppc64le
gnutls-devel-3.6.16-8.el8_9.1.ppc64le.rpm
25bac4a84474a99b439f9eaa4c129d5ba35f9f586d065b447820bc4d2f692623
ppc64le
gnutls-3.6.16-8.el8_9.1.ppc64le.rpm
808e750e3ddf3edca47535e45423a0f442ab8d914ad0925265019e4e025cb2c7
ppc64le
gnutls-c++-3.6.16-8.el8_9.1.ppc64le.rpm
c2927dda3c817e081e08dc7bf9718df815e765565441c05f2a7c10c3991e0e16
ppc64le
gnutls-utils-3.6.16-8.el8_9.1.ppc64le.rpm
d0ac5797014874eb27348629050739ec431ff776a04556f649c604e8cd02e36f
ppc64le
gnutls-dane-3.6.16-8.el8_9.1.ppc64le.rpm
f6dc320375591568fc8dc639bee298a4c73b2444fc015765958e2e07aa9a4ba1
s390x
gnutls-3.6.16-8.el8_9.1.s390x.rpm
0e8ff6c170c5720e12d36396af62ab666c236d7f42fac72e1c3d87cdf047d6de
s390x
gnutls-devel-3.6.16-8.el8_9.1.s390x.rpm
500121d3ebba3affdd218733038e888640c93fd19bcbe49ec98eecf18cce38e7
s390x
gnutls-c++-3.6.16-8.el8_9.1.s390x.rpm
77a4495f9386e91dcf6ada18be8c70d61e4a31d6d277bb43c1843678de56e817
s390x
gnutls-utils-3.6.16-8.el8_9.1.s390x.rpm
ebba9b31eb09c53080fd05d7e2a415d909f296de5e7c3f74549b63891a777f9c
s390x
gnutls-dane-3.6.16-8.el8_9.1.s390x.rpm
f05d12086579111148b9f5ea8565282d2b79a0cae8ec43fbd0a54b94037e7ae7
x86_64
gnutls-utils-3.6.16-8.el8_9.1.x86_64.rpm
4dbc5ad46ad357bc0f5c0d689bfaa7307eab0c13be3e719092be7084ad0a2e39
x86_64
gnutls-devel-3.6.16-8.el8_9.1.x86_64.rpm
8af3a23d4b0aeaebd78ba86ebd54eef7caf3166d6714b04b09145383794af0ea
x86_64
gnutls-dane-3.6.16-8.el8_9.1.x86_64.rpm
a53f7e3af9a3ad4471061cbd24370aeb41feb8e45b8e3b3e6a64b50383e3a962
x86_64
gnutls-3.6.16-8.el8_9.1.x86_64.rpm
baa16c8199bd5e9d3b48894df446aeff42c912ddffc47d1221573fc6edad694e
x86_64
gnutls-c++-3.6.16-8.el8_9.1.x86_64.rpm
e4f25ddc6239a6e9cdf094fe8d00c7627b77237b3a2b2e9f9cfa9999c40f0c57
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0627 Moderate: gnutls security update
ALSA-2024:0628 Moderate: libssh security update
ID:
ALSA-2024:0628
Title:
ALSA-2024:0628 Moderate: libssh security update
Type:
security
Severity:
moderate
Release date:
2024-02-01
Description
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2023-48795
RHSA-2024:0628
ALSA-2024:0628
Updated packages listed below:
Architecture
Package
Checksum
aarch64
libssh-devel-0.9.6-13.el8_9.aarch64.rpm
2c08c39292bd837206b7688a9a73c2329de8fb41422c232dbb107e90fe8820b6
aarch64
libssh-0.9.6-13.el8_9.aarch64.rpm
d37fc5dccaa0ff5d37d82ff2d701a3d19012f2ae7a8fb618828c4036047eebc5
i686
libssh-devel-0.9.6-13.el8_9.i686.rpm
6b4a02b13b897ed713daed95518d15844a7a33e5434cbe7c8101ef10aac8d596
i686
libssh-0.9.6-13.el8_9.i686.rpm
bef5f96cecf7a2838b9b119247e1efd945ad3a45964bee22adf018d715541974
noarch
libssh-config-0.9.6-13.el8_9.noarch.rpm
cfdf81f189eabc99fefd79bc5787788d126945c6a163ac55b0b864bde101753a
ppc64le
libssh-devel-0.9.6-13.el8_9.ppc64le.rpm
90fb9ce81f99e82227ddbdfe8cda2ab8c933d64a1faedf4a76daccde1f06c131
ppc64le
libssh-0.9.6-13.el8_9.ppc64le.rpm
a50c61f52eb29d730612877d4136c61b4e1c0dae37688c1a473b45f3087d6f30
s390x
libssh-0.9.6-13.el8_9.s390x.rpm
8bddeb0bf0737db2bd597b9ef0c9b68d92e49cf1b47772c090b986a6f11ece4c
s390x
libssh-devel-0.9.6-13.el8_9.s390x.rpm
ba1ac8ba670ba30bd7ce03ae53bf17c8c0f06d6eb7bc3bad9dc8fde2a849c828
x86_64
libssh-0.9.6-13.el8_9.x86_64.rpm
d74f9db28b3c1516ea37485c31b921c7f5fd092254d40eccb09da99a802692a9
x86_64
libssh-devel-0.9.6-13.el8_9.x86_64.rpm
dcfbc0055e024f6a065033a1cf2aadad416cc9ce97a6a61ae5ac2abcfd9395ba
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0628 Moderate: libssh security update
ALSA-2024:0647 Moderate: rpm security update
ID:
ALSA-2024:0647
Title:
ALSA-2024:0647 Moderate: rpm security update
Type:
security
Severity:
moderate
Release date:
2024-02-01
Description
The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.
Security Fix(es):
* rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)
* rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)
* rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2021-35937
CVE-2021-35938
CVE-2021-35939
RHSA-2024:0647
ALSA-2024:0647
Updated packages listed below:
Architecture
Package
Checksum
aarch64
rpm-plugin-syslog-4.14.3-28.el8_9.aarch64.rpm
008d2d9e312b6b238c74562e282070842d622c5bbc0e71366c6d4f4881aae870
aarch64
python3-rpm-4.14.3-28.el8_9.aarch64.rpm
0b1426c24b0a82b76cb474f3ff02a3751e210765298d3cb46a00c1a5db3cdcff
aarch64
rpm-plugin-systemd-inhibit-4.14.3-28.el8_9.aarch64.rpm
226a55915388a0e2b603120563e354105a88915de20285f29611d924dae5b9a3
aarch64
rpm-plugin-prioreset-4.14.3-28.el8_9.aarch64.rpm
232db1ad33cf894559c4befc280f676b386054c9d81dcc7aca2cca28a74bc179
aarch64
rpm-plugin-ima-4.14.3-28.el8_9.aarch64.rpm
3791158f01859558812b489503899f78916aba0eba66e9ba310deabb3c7d7544
aarch64
rpm-libs-4.14.3-28.el8_9.aarch64.rpm
46a8560cc161c2bab541d690628fda80e32fa0c904452c0227d026dbfea12c3f
aarch64
rpm-devel-4.14.3-28.el8_9.aarch64.rpm
848eb11b3e70ff9d7c03b85ee2ec0534b1b7afa04236ee1dcfe6ae453c854f89
aarch64
rpm-plugin-selinux-4.14.3-28.el8_9.aarch64.rpm
8d7039a4bfdaae1f42cc8214ac9583a7780685b1378571132e9709a7be8e95ae
aarch64
rpm-build-4.14.3-28.el8_9.aarch64.rpm
a0585e8b9ac946a46ad39726dc085e04b34ede27d6f69aa60b932a1c8fb33bdd
aarch64
rpm-build-libs-4.14.3-28.el8_9.aarch64.rpm
a6fb1b14796a160b7cb58152b817a6b3bdcbc5f8fe4840c045862e955c9a321e
aarch64
rpm-sign-4.14.3-28.el8_9.aarch64.rpm
c1bb79630b5c61d013e0ea15e0e4cfa54e7c8a9e746d80d5f52f8a881b6f882b
aarch64
rpm-4.14.3-28.el8_9.aarch64.rpm
c497cb01ffaac92ad0c6288a802f9b01e2d19f61671fb8cdc6625eee6fcd7412
aarch64
rpm-plugin-fapolicyd-4.14.3-28.el8_9.aarch64.rpm
df75ebe7d8b7a7b89be6ebe647a1ea8b552346dc745f4cd090856f28faea1761
i686
rpm-libs-4.14.3-28.el8_9.i686.rpm
41f54632b4a954242bad6b7f7f74bc910a31e82a36716557fe95a21842be855e
i686
rpm-build-libs-4.14.3-28.el8_9.i686.rpm
a4823d6282455466862db8bc51a24bc3da05c46ed56d12941b4bfa1388166139
i686
rpm-devel-4.14.3-28.el8_9.i686.rpm
c3fbe61a9677d5c769b997e6e469e61dcf4a7e3c520eca97d45e53afb70cea21
noarch
rpm-cron-4.14.3-28.el8_9.noarch.rpm
d3525e308817e4b123ee50f4208b77d9f8a7f6dcb71ed9b6551e9e8dfb9d3ef3
noarch
rpm-apidocs-4.14.3-28.el8_9.noarch.rpm
e6274c645a5490182f49716db9e1fde2e8ed892061be655959173f707e3ab6d4
ppc64le
python3-rpm-4.14.3-28.el8_9.ppc64le.rpm
034b44f1f74c6cbead48778bd973da55ee21b9c7883c1bf9369bb523d963540d
ppc64le
rpm-plugin-ima-4.14.3-28.el8_9.ppc64le.rpm
1a51c4b9c936b89aee319862da4ccd2b8af645e9bc2303a9df36c2ced570ec6a
ppc64le
rpm-sign-4.14.3-28.el8_9.ppc64le.rpm
20821de14d2268ccb0709d8c41cd84bc5c3ea07616313074510216e79093e1ec
ppc64le
rpm-libs-4.14.3-28.el8_9.ppc64le.rpm
21bf68c89b7125f69d275e33141619ac3298dd8acd0922d682e2a846aa8db705
ppc64le
rpm-build-libs-4.14.3-28.el8_9.ppc64le.rpm
39f94c90e4847576804bb937226fd40d92c4302e0c22ca71e2005c2ce7d194d2
ppc64le
rpm-plugin-selinux-4.14.3-28.el8_9.ppc64le.rpm
4c8ee4d493ca7b0077d7829285e50621f6f0580ea6fd9e05a8dacfeb9140f211
ppc64le
rpm-devel-4.14.3-28.el8_9.ppc64le.rpm
5faf00405701bfe76836c78c4bb82aa2df820245d18bc1f03e123d6e04cc2018
ppc64le
rpm-plugin-systemd-inhibit-4.14.3-28.el8_9.ppc64le.rpm
83df1b776dd7f0c703ba5a38f42ed042bdb041fbbac6c11e5fcdb7e40d8e63ed
ppc64le
rpm-build-4.14.3-28.el8_9.ppc64le.rpm
a04b94656f9c559e47ead3cb69eb14ef33fa0e6033d96918189a415e0389a1a1
ppc64le
rpm-plugin-syslog-4.14.3-28.el8_9.ppc64le.rpm
b09bb4405c8e26cb99f4a543e936b42d5b8846ffdea0795bb14498aa16d74512
ppc64le
rpm-4.14.3-28.el8_9.ppc64le.rpm
c46d112cc670bd8f82bc0822ae821ad3b746b1966dc90622ed231b2ad0979224
ppc64le
rpm-plugin-prioreset-4.14.3-28.el8_9.ppc64le.rpm
e754e3687726ab1b1488acefaa20c063cfada7946c13c679477546f58e720ecd
ppc64le
rpm-plugin-fapolicyd-4.14.3-28.el8_9.ppc64le.rpm
ece6a526f4d357f2f8027f9b59875cb8c69b191b81d448b247a6ec8f44955ce6
s390x
rpm-libs-4.14.3-28.el8_9.s390x.rpm
328fedb47f66315f67d77e1c25cb826b7458444bc1c0e88b7d3664ec4cf0d436
s390x
python3-rpm-4.14.3-28.el8_9.s390x.rpm
40e8640c98d4f3667b73947aafdfa7fe8aa4255b30eb4cb26ccc73db3668385d
s390x
rpm-plugin-fapolicyd-4.14.3-28.el8_9.s390x.rpm
6ea136940bf272bdeb759ab22a1dd6b1ec9ff31844217b34ff90495ec427242c
s390x
rpm-plugin-syslog-4.14.3-28.el8_9.s390x.rpm
70785421c811ad4553f37889ae317bb70c122b144415fa5f69f7d6cfc59a3f5c
s390x
rpm-plugin-prioreset-4.14.3-28.el8_9.s390x.rpm
764f8abbbe85e4c88bf534448365dde476634a0c0220ca574eea39c7b13701f7
s390x
rpm-devel-4.14.3-28.el8_9.s390x.rpm
7f89f472c32fd38cec31231840f9ef4158cb57025f91f19e6429b3136729413d
s390x
rpm-build-libs-4.14.3-28.el8_9.s390x.rpm
90da078eb1b84da7d9c76f56f89a605791efd6e9d10f5445706262c19f5779ba
s390x
rpm-plugin-ima-4.14.3-28.el8_9.s390x.rpm
a0d7c6311d3a60598e6d9aa9ea433b6e2fd33d214e7229a1dc5ae3004aedc547
s390x
rpm-plugin-selinux-4.14.3-28.el8_9.s390x.rpm
b5e48527409ddd65a9148109f51979c902500ec1868428bf65d148c2cf228ec5
s390x
rpm-sign-4.14.3-28.el8_9.s390x.rpm
ce38843c9fce371bf49f5c83fbb74fb6fed67d526cffaf50060cb6b0130c41cf
s390x
rpm-build-4.14.3-28.el8_9.s390x.rpm
d70473a816105f5da769faedd9ec32261c1fc215e1bd83045de935e970f92543
s390x
rpm-4.14.3-28.el8_9.s390x.rpm
e94538c4de6e04f9923fdd5faf3d51bbb3f9d485039bb66ab2cd97958081db7a
s390x
rpm-plugin-systemd-inhibit-4.14.3-28.el8_9.s390x.rpm
f7f05ad2f89aec0fc6435b69e7f5e4c65411150397a7e116d23083127cfd1f02
x86_64
rpm-devel-4.14.3-28.el8_9.x86_64.rpm
0ec1c3f3f36a1c47b1d9224918e65168c83310b0e7bb910c7516aecf607e54d9
x86_64
rpm-build-4.14.3-28.el8_9.x86_64.rpm
2f9eb08af9f8e7dee66b5490127add4501bf731493b283ea6bc5aa0041678d50
x86_64
rpm-plugin-selinux-4.14.3-28.el8_9.x86_64.rpm
3746f081fcb567dc42bd844378018fb6f90b2498297627ea49ff5b2d38ce46f9
x86_64
rpm-sign-4.14.3-28.el8_9.x86_64.rpm
39d5d8b935d481c8aaee19a3c30c06631c0193220ff6f8420099c34352660a20
x86_64
python3-rpm-4.14.3-28.el8_9.x86_64.rpm
3eeb3e36082832137f0a85ec5d43c54c6d2fbc913bb3a3350427f060847744dd
x86_64
rpm-plugin-ima-4.14.3-28.el8_9.x86_64.rpm
3ff4395362bc1d69771255550d418c59bffaf128636fc33befacb2c01bc10acc
x86_64
rpm-4.14.3-28.el8_9.x86_64.rpm
523e7b7f75e3897e2172685872f83d81e58da017157e7f41f8b80fc138458768
x86_64
rpm-build-libs-4.14.3-28.el8_9.x86_64.rpm
560f1725520d7a2e5f34fdd2bdac02be656edb7af5096232b7c4ece66640fb39
x86_64
rpm-plugin-fapolicyd-4.14.3-28.el8_9.x86_64.rpm
9ab65fc394897f836f82e556929f9178bee6e03e226551785bdb86d31b1f362a
x86_64
rpm-plugin-prioreset-4.14.3-28.el8_9.x86_64.rpm
9c24767879771c6efda2cb08c6e2d6bf6f06903aaf7ae43beedd470576c1d50c
x86_64
rpm-plugin-syslog-4.14.3-28.el8_9.x86_64.rpm
b8913830f6a9113df4ffed910ea019c055a4a2c7afd619d708427a1316975c7b
x86_64
rpm-libs-4.14.3-28.el8_9.x86_64.rpm
baed71544ef3eaa93a688bf00f4d08ce7270382b60c0796d0df42be3df1bdd8e
x86_64
rpm-plugin-systemd-inhibit-4.14.3-28.el8_9.x86_64.rpm
ff0af39f969500be227e500dab6e94678b986586bf494d47a81f0ee4d062db9d
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0647 Moderate: rpm security update
ALSA-2024:0670 Important: runc security update
ID:
ALSA-2024:0670
Title:
ALSA-2024:0670 Important: runc security update
Type:
security
Severity:
important
Release date:
2024-02-06
Description
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.
Security Fix(es):
* runc: file descriptor leak (CVE-2024-21626)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2024-21626
RHSA-2024:0670
ALSA-2024:0670
Updated packages listed below:
Architecture
Package
Checksum
aarch64
runc-1.1.12-1.el9_3.aarch64.rpm
81740a163e424f529b4f2dab680d508beb333586895ed2b6f7f2b41efd5b3a2c
ppc64le
runc-1.1.12-1.el9_3.ppc64le.rpm
9a451a5d18c35b10f7318ac5d25f7078482f16e769db0db5a32a8f58f648e5c2
s390x
runc-1.1.12-1.el9_3.s390x.rpm
f8c331ea18cacefc669223a486131daeb5db5675c134933f068c79322ac173ae
x86_64
runc-1.1.12-1.el9_3.x86_64.rpm
e0ad2fed169a4faed8b3fc60fd6116c7114c7640cf986268e4ac28ec3dda0082
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2024:0670 Important: runc security update
