AlmaLinux 2309

AlmaLinux 8 has received multiple security updates, covering bcc, python-gevent, python3.12, grafana-pcp, xorg-x11-server, kernel, haproxy, krb5, bpftrace, kernel-rt, xmlrpc-c, python3.11, and bzip2:

ALSA-2024:8831: bcc security update (Low)
ALSA-2024:8834: python-gevent security update (Important)
ALSA-2024:8836: python3.12 security update (Moderate)
ALSA-2024:8847: grafana-pcp security update (Moderate)
ALSA-2024:8798: xorg-x11-server and xorg-x11-server-Xwayland security update (Moderate)
ALSA-2024:8856: kernel security update (Moderate)
ALSA-2024:8849: haproxy security update (Moderate)
ALSA-2024:8860: krb5 security update (Important)
ALSA-2024:8830: bpftrace security update (Low)
ALSA-2024:8870: kernel-rt security update (Moderate)
ALSA-2024:8859: xmlrpc-c security update (Moderate)
ALSA-2024:8838: python3.11 security update (Moderate)
ALSA-2024:8922: bzip2 security update (Low)




ALSA-2024:8831: bcc security update (Low)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Low
Release date: 2024-11-06

Summary:

BPF Compiler Collection (BCC) is a toolkit for easier creation of efficient kernel tracing and manipulation programs. BCC uses the extended Berkeley Packet Filter (eBPF) tool.

Security Fix(es):

* bcc: unprivileged users can force loading of compromised linux headers (CVE-2024-2314)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-8831.html

This message is automatically generated, please don’t reply. For further questions, please contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2024:8834: python-gevent security update (Important)



AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2024-11-06

Summary:

gevent is a coroutine-based Python networking library that uses greenlet to provide a high-level synchronous API on top of the libevent event loop. Features include:

* convenient API around greenlets
* familiar synchronization primitives (gevent.event, gevent.queue)
* socket module that cooperates
* WSGI server on top of libevent-http
* DNS requests done through libevent-dns
* monkey patching utility to get pure Python modules to cooperate

Security Fix(es):

* python-gevent: privilege escalation via a crafted script to the WSGIServer component (CVE-2023-41419)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-8834.html




ALSA-2024:8836: python3.12 security update (Moderate)



AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2024-11-06

Summary:

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the "python3.12-" prefix. For the unversioned "python" executable, see manual page "unversioned-python".

Security Fix(es):

* python: cpython: tarfile: ReDoS via excessive backtracking while parsing header values (CVE-2024-6232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-8836.html




ALSA-2024:8847: grafana-pcp security update (Moderate)



AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2024-11-06

Summary:

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

Security Fix(es):

* golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-8847.html




ALSA-2024:8798: xorg-x11-server and xorg-x11-server-Xwayland security update (Moderate)



AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2024-11-06

Summary:

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability (CVE-2024-9632)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-8798.html




ALSA-2024:8856: kernel security update (Moderate)



AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2024-11-06

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)
* kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)
* kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)
* kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)
* kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)
* kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)
* kernel: nouveau: lock the client object tree. (CVE-2024-27062)
* kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)
* kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)
* kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)
* kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)
* kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)
* kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)
* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)
* kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503)
* kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)
* kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)
* kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)
* kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984)
* kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)
* kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)
* kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)
* kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)
* kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)
* kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)
* kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)
* kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)
* kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)
* kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)
* kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)
* kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)
* kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)
* kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)
* kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)
* kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)
* kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)
* kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)
* kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)
* kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)
* kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)
* kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)
* kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-8856.html




ALSA-2024:8849: haproxy security update (Moderate)



AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2024-11-06

Summary:

The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.

Security Fix(es):

* haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers (CVE-2023-45539)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-8849.html




ALSA-2024:8860: krb5 security update (Important)



AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2024-11-06

Summary:

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

* freeradius: forgery attack (CVE-2024-3596)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-8860.html




ALSA-2024:8830: bpftrace security update (Low)



AlmaLinux: 8
Type: Security
Severity: Low
Release date: 2024-11-06

Summary:

BPFtrace is a high-level tracing language for the Linux enhanced Berkeley Packet Filter (eBPF) available in recent Linux kernels (4.x). BPFtrace uses LLVM as a backend to compile scripts to BPF bytecode and makes use of BCC for interacting with the Linux BPF system, as well as existing Linux tracing capabilities: kernel dynamic tracing (kprobes), user-level dynamic tracing (uprobes), and tracepoints. The BPFtrace language is inspired by awk and C, and by predecessor tracers such as DTrace and SystemTap.

Security Fix(es):

* bpftrace: unprivileged users can force loading of compromised linux headers (CVE-2024-2313)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-8830.html




ALSA-2024:8870: kernel-rt security update (Moderate)



AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2024-11-06

Summary:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: the same 42 fixes listed under ALSA-2024:8856 (kernel security update) above, from CVE-2024-24857 to CVE-2024-47668 in the order given there

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-8870.html




ALSA-2024:8859: xmlrpc-c security update (Moderate)



AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2024-11-06

Summary:

XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.

Security Fix(es):

* libexpat: Integer Overflow or Wraparound (CVE-2024-45491)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-8859.html




ALSA-2024:8838: python3.11 security update (Moderate)



AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2024-11-06

Summary:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: cpython: tarfile: ReDoS via excessive backtracking while parsing header values (CVE-2024-6232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-8838.html




ALSA-2024:8922: bzip2 security update (Low)



AlmaLinux: 8
Type: Security
Severity: Low
Release date: 2024-11-06

Summary:

The bzip2 packages contain a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs.

Security Fix(es):

* bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-8922.html
