September 2023 - Announce - AlmaLinux List Archives

[Security Advisory] ALSA-2021:5227: An update for kernel is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. (Moderate)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Moderate Release date: 2023-09-15 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: In Overlayfs missing a check for a negative dentry before calling vfs_rename() (CVE-2021-20321) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * panic while breaking a lease/delegation after user mode helper invocation (BZ#2010333) * The ASR driver is causing a system crash in AlmaLinux8.4 compared to AlmaLinux8.3 due to kernel changes (BZ#2016384) * AlmaLinux8: DFS provided SMB shares are not accessible following unprivileged access (BZ#2017177) * Avoid hitting the rtnl_trylock/restart_syscall logic in net-sysfs when possible (BZ#2021165) * AlmaLinux8: x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT (BZ#2024678) * AlmaLinux8.4-[Regression][P10][DD2.0][Rainier/Denali] - system crashed while offlining and onlining cores (BZ#2026450) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2021-5227.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2021:3548: An update for kernel is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. (Moderate)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Moderate Release date: 2023-09-15 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * AlmaLinux8.4 Nightly[0308] - HST:STC950:Fleetwood: LPAR crashed during LPM: BUG at lib/locks.c:34! (using ibmvfc) (BZ#1969792) * AlmaLinux8.2 - s390/vtime: fix increased steal time accounting (BZ#1988386) * [FJ8.4 Bug]: Installation of AlmaLinux8.4 hang up on a Tatlow platform while loading intel_lpss_pci module. (BZ#1989560) * kernel panic in drm_fb_helper_dirty_work() caused by a race condition qxl driver (BZ#1992839) * [AlmaLinux8.4] TIOCGSERIAL ioctl fails on serial device (BZ#1993872) * AlmaLinux8.4 Nightly[0208] - kernel panic when executing test case for persistent device configuration (using DASD) (BZ#1995206) * Killing ceph daemon leaving an unhealthy ocs/ocp cluster (worker node/s NotReady) (BZ#1995862) * ceph: potential data corruption in cephfs write_begin codepath (BZ#1996680) * libceph: allow addrvecs with a single NONE/blank address (BZ#1996682) * [iavf] traffic stops after host sets vf trust on (BZ#1997536) * [ice][iavf] hit some call trace and system panic when create-remove-vfs in loop (BZ#1997538) * Missing backport of IMA boot aggregate calculation in almalinux 8.4 kernel (BZ#1997766) * XArray tests broken for single processor (BZ#1997997) * [AlmaLinux-8.4] mlock() end up returning -EINVAL instead of -ENOMEM in rewriting the upper address bits. (BZ#1997998) * Kernel panic at n_tty_set_termios+0x30 (BZ#1997999) * [ice]BUG: scheduling while atomic: ifenslave/270215/0x00000200 (BZ#2000129) * [ice]port lost connectivity after removing from bonding (BZ#2000130) Enhancement(s): * [Mellanox 8.5 FEAT] mlx5: drivers update upto Linux v5.12 (BZ#1983681) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2021-3548.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2022:1445: An update for java-17-openjdk is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. (Important)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2023-09-15 Summary: The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: Improper ECDSA signature verification (Libraries, 8277233) (CVE-2022-21449) * OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476) * OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426) * OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434) * OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443) * OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Enable the import of plain keys into the NSS Software Token while in FIPS mode [almalinux-8, openjdk-17] (BZ#2018189) * Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode [almalinux-8, openjdk-17] (BZ#2055396) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2022-1445.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Bugfix Advisory] ALBA-2022:1386: An update for .NET Core 3.1 is now available for AlmaLinux (None)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Bugfix update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Bugfix Severity: None Release date: 2023-09-15 Summary: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET Core 3.1 to SDK 3.1.418 and Runtime 3.1.24 [None8.5.0.z] (BZ#2073450) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALBA-2022-1386.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2023:0200: java-11-openjdk security and bug fix update (Moderate)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Moderate Release date: 2023-09-15 Summary: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2023-01, 11.0.18) [almalinux-8] (BZ#2157797) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2023-0200.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2021:0558: An update for kernel is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. (Important)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2023-09-15 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661) * kernel: performance counters race condition use-after-free (CVE-2020-14351) * kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Final fixes + drop alpha_support flag requirement for Tigerlake (BZ#1882620) * OVS complains Invalid Argument on TCP packets going into conntrack (BZ#1892744) * BUG: using smp_processor_id() in preemptible [00000000] code: handler106/3082 (BZ#1893281) * Icelake performance - add intel_idle: Customize IceLake server support to AlmaLinux-8 (BZ#1897183) * [mlx5] IPV6 TOS rewrite flows are not getting offloaded in HW (BZ#1897688) * AlmaLinux 8.3 SAS - multipathd fails to re-establish paths during controller random reset (BZ#1900112) * AlmaLinux8.3 Beta - AlmaLinux8.3 hangs on dbginfo.sh execution, crash dump generated (mm-) (BZ#1903019) * Win10 guest automatic reboot after migration in Win10 and WSL2 on AMD hosts (BZ#1905084) * block, dm: fix IO splitting for stacked devices (BZ#1905136) * Failed to hotplug scsi-hd disks (BZ#1905214) * PCI quirk needed to prevent GPU hang (BZ#1906516) * AlmaLinux8.2 - various patches to stabilize the OPAL error log processing and the powernv dump processing (ESS) (BZ#1907301) * pmtu not working with tunnels as bridge ports and br_netfilter loaded (BZ#1907576) * [ThinkPad X13/T14/T14s AMD]: Kdump failed (BZ#1907775) * NFSv4 client improperly handles interrupted slots (BZ#1908312) * NFSv4.1 client ignores ERR_DELAY during LOCK recovery, could lead to data corruption (BZ#1908313) * [Regression] AlmaLinux8.2 - [kernel 148.el8] cpu (sys) time regression in SAP HANA 2.0 benchmark benchInsertSubSelectPerformance (BZ#1908519) * AlmaLinux8: kernel-rt: kernel BUG at kernel/sched/deadline.c:1462! (BZ#1908731) * SEV VM hang at efi_mokvar_sysfs_init+0xa9/0x19d during boot (BZ#1909243) * C6gn support requires "Ensure dirty bit is preserved across pte_wrprotect" patch (BZ#1909577) * [Lenovo 8.3 & 8.4 Bug] [Regression] No response from keyboard and mouse when boot from tboot kernel (BZ#1911555) * Kernel crash with krb5p (BZ#1912478) * [AlmaLinux8] Need additional backports for FIPS 800-90A DRBG entropy seeding source (BZ#1912872) * [Hyper-V][AlmaLinux-8] Request to included a commit that adds a timeout to vmbus_wait_for_unload (BZ#1913528) * Host becomes unresponsive during stress-ng --cyclic test rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: (BZ#1913964) * AlmaLinux8.4: Backport upstream RCU patches up to v5.6 (BZ#1915638) * Missing mm backport to fix regression introduced by another mm backport (BZ#1915814) * [Hyper-V][AlmaLinux-8]video: hyperv_fb: Fix the cache type when mapping the VRAM Edit (BZ#1917711) * ionic 0000:39:00.0 ens2: IONIC_CMD_Q_INIT (40) failed: IONIC_RC_ERROR (-5) (BZ#1918372) * [certification] mlx5_core depends on tls triggering TAINT_TECH_PREVIEW even if no ConnectX-6 card is present (BZ#1918743) * kvm-almalinux8.3 [AMD] - system crash observed while powering on virtual machine with attached VF interfaces. (BZ#1919885) Enhancement(s): * [Mellanox 8.4 FEAT] mlx5: Add messages when VF-LAG fails to start (BZ#1892344) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2021-0558.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Enhancement Advisory] ALEA-2022:1733: An update for java-17-openjdk is now available for AlmaLinux (None)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Enhancement update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Enhancement Severity: None Release date: 2023-09-15 Summary: This erratum reinstates changes made to java-17-openjdk in AlmaLinux 8.6 GA. The original builds for AlmaLinux 8.6 GA will have been superseded by newer binaries released as part of the April 2022 security update for AlmaLinux 8.5. For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALEA-2022-1733.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Bugfix Advisory] ALBA-2022:1388: An update for .NET 5.0 is now available for AlmaLinux (None)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Bugfix update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Bugfix Severity: None Release date: 2023-09-15 Summary: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET 5.0 to SDK 5.0.213 and Runtime 5.0.16 [almalinux-8.5.0.z] (BZ#2072003) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALBA-2022-1388.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Bugfix Advisory] ALBA-2022:2142: An update for .NET Core 3.1 is now available for AlmaLinux. (None)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Bugfix update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Bugfix Severity: None Release date: 2023-09-15 Summary: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET Core 3.1 to SDK 3.1.418 and Runtime 3.1.24 [almalinux-8.6.0.z] (BZ#2074654) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALBA-2022-2142.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Bugfix Advisory] ALBA-2021:5230: An update for accountsservice is now available for AlmaLinux (None)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Bugfix update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Bugfix Severity: None Release date: 2023-09-15 Summary: The accountsservice project provides a set of D-Bus interfaces for querying and manipulating user account information. It is based on the useradd, usermod, and userdel commands. Bug Fix(es) and Enhancement(s): * [HP WS AlmaLinux 8.5 bug] Desktop presentation changes between reboots when logging in as root (BZ#2013103) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALBA-2021-5230.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0