AlmaLinux 2319 Published by

The following security updates are available for AlmaLinux:

ALSA-2024:4371: buildah security update (Important)
ALSA-2024:4378: podman security update (Important)
ALSA-2024:4379: gvisor-tap-vsock security update (Important)
ALSA-2024:4376: libreswan security update (Moderate)
ALSA-2024:4367: pki-core security update (Important)
ALSA-2024:4352: kernel-rt security and bug fix update (Important)
ALSA-2024:4262: linux-firmware security update (Moderate)




ALSA-2024:4371: buildah security update (Important)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2024-07-09

Summary:

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.

Security Fix(es):

* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-4371.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2024:4378: podman security update (Important)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2024-07-09

Summary:

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.

Security Fix(es):

* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-4378.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2024:4379: gvisor-tap-vsock security update (Important)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2024-07-09

Summary:

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.

Security Fix(es):

* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-4379.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2024:4376: libreswan security update (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2024-07-09

Summary:

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).

Security Fix(es):

* libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-4376.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2024:4367: pki-core security update (Important)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2024-07-08

Summary:

The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System.

Security Fix(es):

* dogtag ca: token authentication bypass vulnerability (CVE-2023-4727)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-4367.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2024:4352: kernel-rt security and bug fix update (Important)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2024-07-08

Summary:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: tls (CVE-2024-26585,CVE-2024-26584, CVE-2024-26583
* kernel-rt: kernel: PCI interrupt mapping cause oops [almalinux-8] (CVE-2021-46909)
* kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069)
* kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng (CVE-2023-52615)
* kernel-rt: kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)
* kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset CVE-2024-26801)
* kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)
* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)
* kernel: wifi: mac80211: (CVE-2024-35789, CVE-2024-35838, CVE-2024-35845)
* kernel: wifi: nl80211: reject iftype change with mesh ID change (CVE-2024-27410)
* kernel: perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835)
* kernel:TCP-spoofed ghost ACKs and leak initial sequence number (CVE-2023-52881)
* kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555)
* kernel: ovl: fix leaked dentry (CVE-2021-46972)
* kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073)
* kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560)
* kernel: ppp_async: limit MRU to 64K (CVE-2024-26675)
* kernel: mm/swap: fix race when skipping swapcache (CVE-2024-26759)
* kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907)
* kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906)
* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)
* kernel: net/usb: kalmia: avoid printing uninitialized value on error path (CVE-2023-52703)
* kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090)
* kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464)
* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)
* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)
* kernel: net/bnx2x: Prevent access to a freed page in page_pool (CVE-2024-26859)
* kernel: crypto: (CVE-2024-26974, CVE-2023-52813)
* kernel: can: (CVE-2023-52878, CVE-2021-47456)
* kernel: usb: (CVE-2023-52781, CVE-2023-52877)
* kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)
* kernel: usbnet: sanity check for maxpacket (CVE-2021-47495)
* kernel: gro: fix ownership transfer (CVE-2024-35890)
* kernel: erspan: make sure erspan_base_hdr is present in skb->head (CVE-2024-35888)
* kernel: tipc: fix kernel warning when sending SYN message (CVE-2023-52700)
* kernel: net/mlx5/mlxsw: (CVE-2024-35960, CVE-2024-36007, CVE-2024-35855)
* kernel: net/mlx5e: (CVE-2024-35959, CVE-2023-52626, CVE-2024-35835)
* kernel: mlxsw: (CVE-2024-35854, CVE-2024-35853, CVE-2024-35852)
* kernel: net: (CVE-2024-35958, CVE-2021-47311, CVE-2021-47236, CVE-2021-47310)
* kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004)
* kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356)
* kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353)

Bug Fix(es):

* kernel-rt: update RT source tree to the latest AlmaLinux-8.10.z kernel (JIRA:AlmaLinux-40882)
* [almalinux8.9][cxgb4]BUG: using smp_processor_id() in preemptible [00000000] code: ethtool/54735 (JIRA:AlmaLinux-8779)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-4352.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2024:4262: linux-firmware security update (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2024-07-08

Summary:

The linux-firmware packages contain all of the firmware files that are required by various devices to operate.

Security Fix(es):

* kernel: Reserved fields in guest message responses may not be zero initialized (CVE-2023-31346)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-4262.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team