- Announce - AlmaLinux List Archives

[Security Advisory] ALSA-2022:7012: java-11-openjdk security and bug fix update (Moderate)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Moderate Release date: 2023-09-15 Summary: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) (CVE-2022-21618) * OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) * OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) * OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) * OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) * OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366) (CVE-2022-39399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2022-10, 11.0.17) [almalinux-8] (BZ#2131863) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2022-7012.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2022:5683: An update for java-11-openjdk-demo-fastdebug is now available for AlmaLinux 8. (Important)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2023-09-15 Summary: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-11-openjdk (11.0.16.0.8). (BZ#2084649) Security Fix(es): * OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169) * OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540) * OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) (CVE-2022-21541) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance() [almalinux-8, openjdk-11] (BZ#2099917) * Revert to disabling system security properties and FIPS mode support together [almalinux-8, openjdk-11] (BZ#2108248) * SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode [almalinux-8, openjdk-11] (BZ#2108251) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2022-5683.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2022:0188: An update for kernel is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. (Important)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2023-09-15 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155) * kernel: fs_context: heap overflow in legacy parameter handling (CVE-2022-0185) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel show “ BUG: scheduling while atomic:xxx“ and reboot when an uncorrectable memory error injection on AlmaLinux8.4 beta and GA (BZ#2008789) * tcp: Sockets can be orphaned in the FIN-WAIT-1 or CLOSING states. (BZ#2021574) * Hostnetwork pod to service backed by hostnetwork on the same node is not working with OVN Kubernetes (BZ#2024411) * ice: bug fixes for kernel crashes (BZ#2026698) * [AlmaLinux-8.6][SanityOnly] Backport leftover migrate_disable BPF related change (BZ#2027689) * xfs: I_DONTCACHE flag is ignored [xfstests: xfs/177] (BZ#2028534) * FIPS: deadlock between PID 1 and "modprobe crypto-jitterentropy_rng" at boot, preventing system to boot (BZ#2029365) * AlmaLinux8.6: Backport upstream RCU commits up to v5.12 (BZ#2029449) * i40e,ixgbe: revert XDP partial backport from kernel 5.13 (BZ#2029845) * spec: Support separate tools build (BZ#2031053) * RCU stall WARNING: at kernel/rcu/tree.c:1392 rcu_advance_cbs_nowake+0x51/0x60 (BZ#2032579) * block: update to upstream v5.14 (BZ#2034396) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2022-0188.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Bugfix Advisory] ALBA-2021:5146: An update for .NET 5.0 is now available for AlmaLinux. (None)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Bugfix update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Bugfix Severity: None Release date: 2023-09-15 Summary: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 5.0 to SDK 5.0.210 and Runtime 5.0.13 [almalinux-8.5.0.z] (BZ#2030738) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALBA-2021-5146.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Bugfix Advisory] ALBA-2022:1731: An update for java-1.8.0-openjdk is now available for AlmaLinux (None)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Bugfix update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Bugfix Severity: None Release date: 2023-09-15 Summary: This erratum reinstates changes made to java-1.8.0-openjdk in AlmaLinux 8.6 GA. The original builds for AlmaLinux 8.6 GA will have been superseded by newer binaries released as part of the April 2022 security update for AlmaLinux 8.5. For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALBA-2022-1731.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Bugfix Advisory] ALBA-2021:1985: An update for java-1.8.0-openjdk is now available for AlmaLinux (None)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Bugfix update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Bugfix Severity: None Release date: 2023-09-15 Summary: The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Bug Fix(es) and Enhancement(s): * Prepare for the next quarterly OpenJDK upstream release (2021-04, 8u292) [almalinux-8] (BZ#1942308) * EMBARGOED java-1.8.0-openjdk: JDK: Oracle CPU 2021-04 (BZ#1943839) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALBA-2021-1985.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Bugfix Advisory] ALBA-2021:1984: An update for java-11-openjdk is now available for AlmaLinux (None)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Bugfix update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Bugfix Severity: None Release date: 2023-09-15 Summary: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Bug Fix(es) and Enhancement(s): * Prepare for the next quarterly OpenJDK upstream release (2021-04, 11.0.11) [almalinux-8] (BZ#1942311) * java-11-openjdk: JDK: Oracle CPU 2021-04 (BZ#1943233) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALBA-2021-1984.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Bugfix Advisory] ALBA-2022:0371: An update for sssd is now available for AlmaLinux (None)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Bugfix update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Bugfix Severity: None Release date: 2023-09-15 Summary: The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Bug Fix(es) and Enhancement(s): * sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest AlmaLinux8.5 krb5 libraries (BZ#2030651) * AD Domain in the AD Forest Missing after sssd latest update (BZ#2035285) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALBA-2022-0371.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2022:1550: An update for kernel is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. (Important)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2023-09-15 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in RDMA listen() (CVE-2021-4028) * kernel: heap out of bounds write in nf_dup_netdev.c (CVE-2022-25636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Backport DFS fixes from upstream (BZ#2056329) * [AlmaLinux8.5] lpfc driver often fails to detect storage directly connected to Broadcom FC HBA (BZ#2058193) * nf_reinject calls nf_queue_entry_free on an already freed entry->state (BZ#2061446) * gfs2 blocking in gdlm_lock (BZ#2069750) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2022-1550.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2021:2588: An update for the ruby:2.6 module is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. (Moderate)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Moderate Release date: 2023-09-15 Summary: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.6.7). (BZ#1952627) Security Fix(es): * rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code (CVE-2019-3881) * ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845) * ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201) * ruby: Code injection via command argument of Shell#test / Shell#[] (CVE-2019-16255) * rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663) * ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933) * ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613) * ruby: XML round-trip vulnerability in REXML (CVE-2021-28965) * ruby: HTTP response splitting in WEBrick (CVE-2019-16254) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Resolv::DNS: ruby:2.6/ruby: timeouts if multiple IPv6 name servers are given and address contains leading zero [almalinux-8] (BZ#1954968) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2021-2588.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0