
The following three security updates are available for AlmaLinux:

ALSA-2024:4197: httpd:2.4/httpd security update (Moderate)
ALSA-2024:4212: golang security update (Moderate)
ALSA-2024:4211: kernel security and bug fix update (Important)




ALSA-2024:4197: httpd:2.4/httpd security update (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2024-07-01

Summary:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd:2.4: httpd: HTTP response splitting (CVE-2023-38709)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-4197.html

This message is automatically generated; please don’t reply. For further questions, please contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2024:4212: golang security update (Moderate)



AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2024-07-02

Summary:

The golang packages provide the Go programming language compiler.

Security Fix(es):

* golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-4212.html




ALSA-2024:4211: kernel security and bug fix update (Important)



AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2024-07-02

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555)
* kernel: TCP-spoofed ghost ACKs and leak initial sequence number (CVE-2023-52881, RHV-2024-1001)
* kernel: ovl: fix leaked dentry (CVE-2021-46972)
* kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073)
* kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560)
* kernel: ppp_async: limit MRU to 64K (CVE-2024-26675)
* kernel: mm/swap: fix race when skipping swapcache (CVE-2024-26759)
* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)
* kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907)
* kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906)
* kernel: powerpc/powernv: Add a null pointer check in opal_event_init() (CVE-2023-52686)
* kernel: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (CVE-2023-52675)
* kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090)
* kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464)
* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)
* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)
* kernel: net/bnx2x: Prevent access to a freed page in page_pool (CVE-2024-26859)
* kernel: crypto: qat - resolve race condition during AER recovery (CVE-2024-26974)
* kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)
* kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)
* kernel: net/mlx5e: Fix mlx5e_priv_init() cleanup flow (CVE-2024-35959)
* kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)
* kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004)
* kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356)
* kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353)
* kernel: net: ti: fix UAF in tlan_remove_one (CVE-2021-47310)

Bug Fix(es):

* Kernel panic - kernel BUG at mm/slub.c:376! (JIRA:AlmaLinux-29783)
* Temporary values in FIPS integrity test should be zeroized [almalinux-8.10.z] (JIRA:AlmaLinux-35361)
* AlmaLinux8.6 - kernel: s390/cpum_cf: make crypto counters upward compatible (JIRA:AlmaLinux-36048)
* [AlmaLinux8] blktests block/024 failed (JIRA:AlmaLinux-8130)
* AlmaLinux8.9: EEH injections results Error: Power fault on Port 0 and other call traces(Everest/1050/Shiner) (JIRA:AlmaLinux-14195)
* Latency spikes with Matrox G200 graphic cards (JIRA:AlmaLinux-36172)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-4211.html
