September 2023 - Announce - AlmaLinux List Archives

[Security Advisory] ALSA-2023:0192: java-17-openjdk security and bug fix update (Moderate)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Moderate Release date: 2023-09-15 Summary: The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835) * OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * In FIPS mode, the use of a SQLite database provided by NSS was assumed, which was opened in read-only mode and with no PIN expected. This prevented the use of other databases or setting a PIN on the NSS database. This update allows more control over database use using two new properties - fips.nssdb.path and fips.nssdb.pin - which can be configured permanently in the java.security file or temporarily via command-line arguments to the Java virtual machine (RHBZ#2147473) * Prepare for the next quarterly OpenJDK upstream release (2023-01, 17.0.6) [almalinux-8] (BZ#2153010) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2023-0192.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Bugfix Advisory] ALBA-2021:4840: An update for dotnet5.0-build-reference-packages is now available for AlmaLinux. (None)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Bugfix update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Bugfix Severity: None Release date: 2023-09-15 Summary: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update to 6ce5818b1c1828ccdc8ac63d460d029c6391a401 [almalinux-8.5.0.z] (BZ#2024345) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALBA-2021-4840.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Bugfix Advisory] ALBA-2021:4533: An update for ibus is now available for AlmaLinux (None)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Bugfix update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Bugfix Severity: None Release date: 2023-09-15 Summary: The Intelligent Input Bus (IBus) is an input method framework for multilingual input in Unix-like operating systems. Bug fix: * Previously, in GNOME Wayland desktop in AlmaLinux 8.5, the IBus emoji candidate pop-up was used with IBus UI and the selected candidate could not inserted into the target input focus smartly. With this update, the IBus emoji candidate pop-up is used with GNOME-Shell UI in GNOME Wayland desktop and the selected candidate is inserted into the input focus correctly. (BZ#2014064) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALBA-2021-4533.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Enhancement Advisory] ALEA-2022:0322: An update for .NET Core 3.1 is now available for AlmaLinux. (None)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Enhancement update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Enhancement Severity: None Release date: 2023-09-15 Summary: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Bug Fix(es) and Enhancement(s): * Update .NET Core 3.1 to SDK 3.1.416 and Runtime 3.1.22 [almalinux-8.5.0.z] (BZ#2031429) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALEA-2022-0322.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Bugfix Advisory] ALBA-2022:1732: An update for java-11-openjdk is now available for AlmaLinux (None)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Bugfix update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Bugfix Severity: None Release date: 2023-09-15 Summary: This erratum reinstates changes made to java-11-openjdk in AlmaLinux 8.6 GA. The original builds for AlmaLinux 8.6 GA will have been superseded by newer binaries released as part of the April 2022 security update for AlmaLinux 8.5. For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALBA-2022-1732.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Bugfix Advisory] ALBA-2019:3411: Updated lttng-ust packages that fix several bugs and add various enhancements are now available. (None)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Bugfix update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Bugfix Severity: None Release date: 2023-09-15 Summary: This update fixes two issues in lttng-ust and subpackages. There was a bad shebang in the /usr/bin/lttng-gen-tp utility that prevented users from executing it. This issue has been fixed. lttng-ust was only available for x86_64 architectures. lttng-ust is now available for all architectures supported on AlmaLinux. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALBA-2019-3411.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2022:7000: java-17-openjdk security and bug fix update (Moderate)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Moderate Release date: 2023-09-15 Summary: The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) (CVE-2022-21618) * OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) * OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) * OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) * OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) * OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366) (CVE-2022-39399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2022-10, 17.0.5) [almalinux-8] (BZ#2132503) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2022-7000.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2022:0825: An update for kernel is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. (Important)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2023-09-15 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a later upstream version: kernel (4.18.0). (BZ#2036888) Security Fix(es): * kernel: improper initialization of the "flags" member of the new pipe_buffer (CVE-2022-0847) * kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920) * kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout (CVE-2021-4154) * kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330) * kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS (CVE-2022-0435) * kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492) * kernel: missing check in ioctl allows kernel memory read/write (CVE-2022-0516) * kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Intel QAT Kernel power up fix (BZ#2016437) * AlmaLinux8.4 seeing scsi_dma_map failed with mpt3sas driver and affecting performance (BZ#2018928) * [Lenovo 8.4 bug] audio_HDMI certification failed on AlmaLinux 8.4GA (No hdmi out) (BZ#2027335) * [AlmaLinux-8.5][4.18.0-323.el8.ppc64le][POWER8/9/10] security_flavor mode is not set back to zero post online migration (BZ#2027448) * iommu/amd: Fix unable to handle page fault due to AVIC (BZ#2030854) * [Lenovo 8.4 bug]The VGA display shows no signal (black screen) when install AlmaLinux8.4(beta or rc1) in the legacy BIOS mode. (BZ#2034949) * Double free of kmalloc-64 cache struct ib_port->pkey_group from module ib_core . (BZ#2038724) * Bus error with huge pages enabled (BZ#2039015) * AlmaLinux8 - kvm: floating interrupts may get stuck (BZ#2040769) * Data corruption on small files served by httpd, which is backed by cifs-mount (BZ#2041529) * Add a net/mlx5 patch for Hardware Offload Fix (BZ#2042663) * Windows guest random Bsod when 'hv-tlbflush' enlightenment is enabled (BZ#2043237) * DNS lookup failures when run two times in a row (BZ#2043548) * net/sched: Fix ct zone matching for invalid conntrack state (BZ#2043550) * Kernel 4.18.0-348.2.1 secpath_cache memory leak involving strongswan tunnel (BZ#2047427) * OCP node XFS metadata corruption after numerous reboots (BZ#2049292) * Broadcom bnxt_re: RDMA stats are not incrementing (BZ#2049684) * ice: bug fix series for 8.6 (BZ#2051951) * panic while looking up a symlink due to NULL i_op->get_link (BZ#2052558) * ceph omnibus backport for AlmaLinux-8.6.0 (BZ#2053725) * SCTP peel-off with SELinux and containers in OCP (BZ#2054112) * Selinux is not allowing SCTP connection setup between inter pod communication in enforcing mode (BZ#2054117) * dnf fails with fsync() over local repository present on CIFS mount point (BZ#2055824) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2022-0825.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2022:7012: java-11-openjdk security and bug fix update (Moderate)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Moderate Release date: 2023-09-15 Summary: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077) (CVE-2022-21618) * OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) * OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918) (CVE-2022-21628) * OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526) (CVE-2022-21619) * OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910) (CVE-2022-21624) * OpenJDK: missing SNI caching in HTTP/2 (Networking, 8289366) (CVE-2022-39399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Prepare for the next quarterly OpenJDK upstream release (2022-10, 11.0.17) [almalinux-8] (BZ#2131863) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2022-7012.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2022:5683: An update for java-11-openjdk-demo-fastdebug is now available for AlmaLinux 8. (Important)
by AlmaLinux Errata Notifications 18 Sep '23

18 Sep '23

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2023-09-15 Summary: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-11-openjdk (11.0.16.0.8). (BZ#2084649) Security Fix(es): * OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169) * OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540) * OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) (CVE-2022-21541) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * rh1991003 patch breaks sun.security.pkcs11.wrapper.PKCS11.getInstance() [almalinux-8, openjdk-11] (BZ#2099917) * Revert to disabling system security properties and FIPS mode support together [almalinux-8, openjdk-11] (BZ#2108248) * SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode [almalinux-8, openjdk-11] (BZ#2108251) Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2022-5683.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0